How to pass ISC2 SSCP exam with the help of dumps?
DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest ISC2 SSCP Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.
How Do I Know ISC2 SSCP Dumps are Worth it?
Did we mention our latest SSCP Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments, let us explore all the other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.
You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just ISC2 Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!
IT Students Are Using our Systems Security Certified Practitioner Dumps Worldwide!
It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Systems Security Certified Practitioner Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through what you are about to go through and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.
How to Get SSCP Real Exam Dumps?
Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the SSCP exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!
Frequently Asked Questions
ISC2 SSCP Sample Question Answers
Question # 1
Which of the following statements is most accurate regarding a digital signature?
A. It is a method used to encrypt confidential data.
B. It is the art of transferring handwritten signature to electronic media.
C. It allows the recipient of data to prove the source and integrity of data.
D. It can be used as a signature system and a cryptosystem.
Answer: C
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 2
Which of the following standards concerns digital certificates?
A. X.400
B. X.25
C. X.509
D. X.75
Answer: C
Explanation:
X.509 is used in digital certificates. X.400 is used in e-mail as a message handling protocol. X.25
is a standard for the network and data link levels of a communication network and X.75 is a
standard defining ways of connecting two X.25 networks.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 164).
Question # 3
Which of the following offers confidentiality to an e-mail message?
A. The sender encrypting it with its private key.
B. The sender encrypting it with its public key.
C. The sender encrypting it with the receiver's public key.
D. The sender encrypting it with the receiver's private key.
Answer: C
Explanation:
An e-mail message's confidentiality is protected when encrypted with the receiver's public key,
because he is the only one able to decrypt the message. The sender is not supposed to have the
receiver's private key. By encrypting a message with its private key, anybody possessing the
corresponding public key would be able to read the message. By encrypting the message with its
public key, not even the receiver would be able to read the message.
Which of the following is NOT a property of the Rijndael block cipher algorithm?
A. The key sizes must be a multiple of 32 bits
B. Maximum block size is 256 bits
C. Maximum key size is 512 bits
D. The key size does not have to match the block size
Answer: C
Explanation:
The above statement is NOT true and thus the correct answer. The maximum key size on Rijndael
is 256 bits.
There are some differences between Rijndael and the official FIPS-197 specification for AES.
Rijndael specification per se is specified with block and key sizes that must be a multiple of 32
bits, both with a minimum of 128 and a maximum of 256 bits. Namely, Rijndael allows for both key
and block sizes to be chosen independently from the set of { 128, 160, 192, 224, 256 } bits. (And
the key size does not in fact have to match the block size).
However, FIPS-197 specifies that the block size must always be 128 bits in AES, and that the key
size may be either 128, 192, or 256 bits. Therefore AES-128, AES-192, and AES-256 are actually:
          Key Size (bits)   Block Size (bits)
AES-128   128               128
AES-192   192               128
AES-256   256               128
So in short:
Rijndael and AES differ only in the range of supported values for the block length and cipher key
length.
For Rijndael, the block length and the key length can be independently specified to any multiple of
32 bits, with a minimum of 128 bits, and a maximum of 256 bits.
AES fixes the block length to 128 bits, and supports key lengths of 128, 192 or 256 bits only.
What principle focuses on the uniqueness of separate objects that must be joined together to perform a task? It is sometimes referred to as “what each must bring” and joined together when getting access or decrypting a file. Each of which does not reveal the other?
A. Dual control
B. Separation of duties
C. Split knowledge
D. Need to know
Answer: C
Explanation:
Split knowledge involves encryption keys being separated into two components, each of which
does not reveal the other. Split knowledge is the other complementary access control principle to
dual control.
In cryptographic terms, one could say dual control and split knowledge are properly implemented if
no one person has access to or knowledge of the content of the complete cryptographic key being
protected by the two processes.
The sound implementation of dual control and split knowledge in a cryptographic environment
necessarily means that the quickest way to break the key would be through the best attack known
for the algorithm of that key. The principles of dual control and split knowledge primarily apply to
access to plaintext keys.
Access to cryptographic keys used for encrypting and decrypting data or access to keys that are
encrypted under a master key (which may or may not be maintained under dual control and split
knowledge) do not require dual control and split knowledge. Dual control and split knowledge can
be summed up as the determination of any part of a key being protected must require the collusion
between two or more persons with each supplying unique cryptographic materials that must be
joined together to access the protected key.
Any feasible method to violate the axiom means that the principles of dual control and split
knowledge are not being upheld.
Split knowledge is the unique “what each must bring” and joined together when implementing dual
control. To illustrate, a box containing petty cash is secured by one combination lock and one
keyed lock. One employee is given the combination to the combo lock and another employee has
possession of the correct key to the keyed lock.
In order to get the cash out of the box both employees must be present at the cash box at the
same time. One cannot open the box without the other. This is the aspect of dual control.
On the other hand, split knowledge is exemplified here by the different objects (the combination to
the combo lock and the correct physical key), both of which are unique and necessary, that each
brings to the meeting. Split knowledge focuses on the uniqueness of separate objects that must be
joined together.
Dual control has to do with forcing the collusion of at least two or more persons to combine their
split knowledge to gain access to an asset. Both split knowledge and dual control complement
each other and are necessary functions that implement the segregation of duties in high integrity
cryptographic environments.
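One common way to realise split knowledge for a key is to hand each custodian a random component and make the key the XOR of all components. The sketch below is an added example, not part of the original explanation; the function names and the sample key are constructed for illustration.

```python
"""Split a key into XOR components so that no single custodian learns it."""
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("components must all be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, custodians: int = 2) -> list:
    """Return one component per custodian; XOR of all components is the key."""
    if custodians < 2:
        raise ValueError("split knowledge needs at least two custodians")
    # All components but the last are pure randomness.
    parts = [secrets.token_bytes(len(key)) for _ in range(custodians - 1)]
    # The last component is the key masked by every random component.
    parts.append(reduce(xor_bytes, parts, key))
    return parts


def combine(components: list) -> bytes:
    """Dual control step: every custodian must bring a component."""
    if len(components) < 2:
        raise ValueError("a single component is never the key")
    return reduce(xor_bytes, components)


def candidate_keys_left(component: bytes) -> int:
    """For a 1-byte component, count the key values that are still possible
    for someone who holds only that component (the other one is unknown)."""
    if len(component) != 1:
        raise ValueError("exhaustive check is only done for 1-byte components")
    return len({component[0] ^ other for other in range(256)})


if __name__ == "__main__":
    demo_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    parts = split_key(demo_key, custodians=3)
    print("recombined correctly:", combine(parts) == demo_key)
    print("keys still possible from one component:",
          candidate_keys_left(parts[0][:1]), "of 256")
```
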
The following are incorrect answers:
Dual control is a procedure that uses two or more entities (usually persons) operating in concert to
protect a system resource, such that no single entity acting alone can access that resource. Dual
control is implemented as a security procedure that requires two or more persons to come
together and collude to complete a process. In a cryptographic system the two (or more) persons
would each supply a unique key, that when taken together, performs a cryptographic process.
Split knowledge is the other complementary access control principle to dual control.
Separation of duties - The practice of dividing the steps in a system function among different
individuals, so as to keep a single individual from subverting the process.
The need-to-know principle requires a user having necessity for access to, knowledge of, or
possession of specific information required to perform official tasks or services.
Reference(s) used for this question:
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition :
Shon Harris, CISSP All In One (AIO), 6th Edition , page 126
Question # 13
Which of the following is a symmetric encryption algorithm?
A. RSA
B. Elliptic Curve
C. RC5
D. El Gamal
Answer: C
Explanation:
RC5 is a symmetric encryption algorithm. It is a block cipher of variable block length, encrypts
through integer addition, the application of a bitwise Exclusive OR (XOR), and variable rotations.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 153).
Question # 14
What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database?
A. Level 1/Class 1
B. Level 2/Class 2
C. Level 3/Class 3
D. Level 4/Class 4
Answer: B
Explanation:
Users can obtain certificates with various levels of assurance. Here is a list that describes each of
them:
- Class 1/Level 1 for individuals, intended for email, no proof of identity
For example, level 1 certificates verify electronic mail addresses. This is done through the use of a
personal information number that a user would supply when asked to register. This level of
certificate may also provide a name as well as an electronic mail address; however, it may or may
not be a genuine name (i.e., it could be an alias). This proves that a human being will reply back if
you send an email to that name or email address.
- Class 2/Level 2 is for organizations and companies for which proof of identity is required
Level 2 certificates verify a user's name, address, social security number, and other information
against a credit bureau database.
- Class 3/Level 3 is for servers and software signing, for which independent verification and
checking of identity and authority is done by the issuing certificate authority
Level 3 certificates are available to companies. This level of certificate provides photo identification
to accompany the other items of information provided by a level 2 certificate.
- Class 4 for online business transactions between companies
- Class 5 for private organizations or governmental security
What algorithm has been selected as the AES algorithm, replacing the DES algorithm?
A. RC6
B. Twofish
C. Rijndael
D. Blowfish
Answer: C
Explanation:
On October 2, 2000, NIST announced the selection of the Rijndael Block Cipher, developed by the
Belgian cryptographers Dr. Joan Daemen and Dr. Vincent Rijmen, as the proposed AES
algorithm. Twofish and RC6 were also candidates. Blowfish is also a symmetric algorithm but
wasn't a finalist for a replacement for DES.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 152).
Question # 16
Which of the following statements pertaining to block ciphers is incorrect?
A. It operates on fixed-size blocks of plaintext.
B. It is more suitable for software than hardware implementations.
C. Plain text is encrypted with a public key and decrypted with a private key.
D. Some Block ciphers can operate internally as a stream.
Answer: C
Explanation:
Block ciphers do not use public cryptography (private and public keys).
Block ciphers is a type of symmetric-key encryption algorithm that transforms a fixed-size block of
plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length.
They are appropriate for software implementations and can operate internally as a stream. See
more info below about DES in Output Feedback Mode (OFB), which makes use internally of a
stream cipher.
The output feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It
generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext.
Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the
plaintext at the same location. This property allows many error correcting codes to function
What can be defined as secret communications where the very existence of the message is hidden?
A. Clustering
B. Steganography
C. Cryptology
D. Vernam cipher
Answer: B
Explanation:
Steganography is a secret communication where the very existence of the message is hidden. For
example, in a digital image, the least significant bit of each word can be used to comprise a
message without causing any significant change in the image. Key clustering is a situation in
which a plaintext message generates identical ciphertext messages using the same transformation
algorithm but with different keys. Cryptology encompasses cryptography and cryptanalysis. The
Vernam Cipher, also called a one-time pad, is an encryption scheme using a random key of the
same size as the message and is used only once. It is said to be unbreakable, even with infinite
resources.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 134).
Question # 18
Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender?
A. Message Authentication Code - MAC
B. PAM - Pluggable Authentication Module
C. NAM - Negative Acknowledgement Message
D. Digital Signature Certificate
Answer: A
Explanation:
The purpose of a message authentication code - MAC is to verify both the source and message
integrity without the need for additional processes.
A MAC algorithm, sometimes called a keyed (cryptographic) hash function (however,
cryptographic hash function is only one of the possible ways to generate MACs), accepts as input
a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes
known as a tag). The MAC value protects both a message's data integrity as well as its
authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the
message content.
MACs differ from digital signatures as MAC values are both generated and verified using the same
secret key. This implies that the sender and receiver of a message must agree on the same key
before initiating communications, as is the case with symmetric encryption. For the same reason,
MACs do not provide the property of non-repudiation offered by signatures specifically in the case
of a network-wide shared secret key: any user who can verify a MAC is also capable of generating
MACs for other messages.
In contrast, a digital signature is generated using the private key of a key pair, which is asymmetric
encryption. Since this private key is only accessible to its holder, a digital signature proves that a
document was signed by none other than that holder. Thus, digital signatures do offer non-repudiation.
The following answers are incorrect:
PAM - Pluggable Authentication Module: This isn't the right answer. There is no known message
authentication function called a PAM. However, a pluggable authentication module (PAM) is a
mechanism to integrate multiple low-level authentication schemes and is commonly used within the
Linux Operating System.
NAM - Negative Acknowledgement Message: This isn't the right answer. There is no known
message authentication function called a NAM. The proper term for a negative acknowledgement
is NAK; it is a signal used in digital communications to ensure that data is received with a
minimum of errors.
Digital Signature Certificate: This isn't right, as explained and contrasted in the explanations
provided above.
The following reference(s) was used to create this question:
The CCCure Computer Based Tutorial for Security+, you can subscribe at http://www.cccure.tv
Which of the following is true about link encryption?
A. Each entity has a common key with the destination node.
B. Encrypted messages are only decrypted by the final node.
C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised.
D. Only secure nodes are used in this type of transmission.
Answer: C
Explanation:
In link encryption, each entity has keys in common with its two neighboring nodes in the
transmission chain.
Thus, a node receives the encrypted message from its predecessor, decrypts it, and then
re-encrypts it with a new key, common to the successor node. Obviously, this mode does not provide
protection if any one of the nodes along the transmission path is compromised.
Encryption can be performed at different communication levels, each with different types of
protection and implications. Two general modes of encryption implementation are link encryption
and end-to-end encryption.
Link encryption encrypts all the data along a specific communication path, as in a satellite link, T3
line, or telephone circuit. Not only is the user information encrypted, but the header, trailers,
addresses, and routing data that are part of the packets are also encrypted. The only traffic not
encrypted in this technology is the data link control messaging information, which includes
instructions and parameters that the different link devices use to synchronize communication
methods. Link encryption provides protection against packet sniffers and eavesdroppers.
In end-to-end encryption, the headers, addresses, routing, and trailer information are not
encrypted, enabling attackers to learn more about a captured packet and where it is headed.
Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity?
A. Steganography
B. ADS - Alternate Data Streams
C. Encryption
D. NTFS ADS
Answer: A
Explanation:
It is the art and science of encoding hidden messages in such a way that no one, apart from the
sender and intended recipient, suspects the existence of the message or could claim there is a
message.
It is a form of security through obscurity.
The word steganography is of Greek origin and means "concealed writing." It combines the Greek
words steganos, meaning "covered or protected," and graphei, meaning "writing."
The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a
treatise on cryptography and steganography, disguised as a book on magic. Generally, the hidden
messages will appear to be (or be part of) something else: images, articles, shopping lists, or
some other cover text. For example, the hidden message may be in invisible ink between the
visible lines of a private letter.
The advantage of steganography over cryptography alone is that the intended secret message
does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no
matter how unbreakable, will arouse interest, and may in themselves be incriminating in countries
where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents
of a message alone, steganography is concerned with concealing the fact that a secret message
is being sent, as well as concealing the contents of the message.
It is sometimes referred to as Hiding in Plain Sight. This image of trees below contains in it another
image of a cat using Steganography.
[Image: ADS Tree with Cat inside]
This image below is hidden in the picture of the trees above:
[Image: Hidden Kitty]
As explained here the image is hidden by removing all but the two least significant bits of each
color component and subsequent normalization.
ABOUT MSB and LSB
One of the common methods to perform steganography is by hiding bits within the Least Significant
Bits (LSB) of a media, or what is sometimes referred to as Slack Space. By modifying only the
least significant bit, it is not possible to tell whether there is a hidden message just by looking at
the picture or the media. If you changed the Most Significant Bits (MSB), it would be possible
to view or detect the changes just by looking at the picture. A person can perceive only up to 6 bits
of depth; bits that are changed past the first six bits of the color code would be undetectable to the
human eye.
If we make use of a high quality digital picture, we could hide six bits of data within each
pixel of the image. You have a color code for each pixel composed of a Red, Green, and Blue
value. The color code is 3 sets of 8 bits, one for each color. You could change the last two
bits of each to hide your data. See below a color code for one pixel in binary format. The bits below
are not real; they are just an example for illustration purposes:
RED          GREEN        BLUE
0101 0101    1100 1011    1110 0011
MSB   LSB    MSB   LSB    MSB   LSB
Let's say that I would like to hide the uppercase letter A within the pixels of the picture. If we
convert the uppercase letter "A" to a decimal value it would be number 65 in the ASCII table;
in binary format the value 65 would translate to 01000001.
You can break the 8 bits of the uppercase character A into groups of two bits as follows: 01 00 00 01
Using the pixel above we will hide those bits within the last two bits of each color as follows:
RED          GREEN        BLUE
0101 0101    1100 1000    1110 0000
MSB   LSB    MSB   LSB    MSB   LSB
As you can see above, the last two bits of RED were already set to the proper value of 01, then we
moved to the GREEN value and changed the last two bits from 11 to 00, and finally we changed
the last two bits of BLUE to 00. One pixel allowed us to hide 6 bits of data. We would have to use
another pixel to hide the remaining two bits.
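The two-bit embedding walked through above, written out as code. This is an added example, not part of the original explanation; the first pixel is the one from the text, the second pixel is constructed to carry the remaining two bits, and the function names are illustrative.

```python
"""2-bit LSB embedding and extraction over flat R,G,B channel values."""
from __future__ import annotations


def to_bit_pairs(data: bytes) -> list[int]:
    """Split each byte into four 2-bit groups, most significant pair first."""
    return [(byte >> shift) & 0b11 for byte in data for shift in (6, 4, 2, 0)]


def embed(channels: list[int], data: bytes) -> list[int]:
    """Return a copy of `channels` (values 0-255) with `data` written into the
    two least significant bits of each value, one bit pair per channel."""
    pairs = to_bit_pairs(data)
    if len(pairs) > len(channels):
        raise ValueError(f"cover too small: need {len(pairs)} channel values")
    out = list(channels)
    for i, pair in enumerate(pairs):
        out[i] = (out[i] & 0b11111100) | pair   # keep the six high bits
    return out


def extract(channels: list[int], length: int) -> bytes:
    """Read `length` bytes back out of the two low bits of each channel."""
    needed = length * 4
    if needed > len(channels):
        raise ValueError("not enough channel values for that length")
    out = bytearray()
    for i in range(0, needed, 4):
        byte = 0
        for value in channels[i:i + 4]:
            byte = (byte << 2) | (value & 0b11)
        out.append(byte)
    return bytes(out)


def max_channel_change(before: list[int], after: list[int]) -> int:
    """Largest change to any channel value; at most 3 for 2-bit embedding."""
    return max(abs(a - b) for a, b in zip(before, after))


# Pixel 1 is the pixel from the text; pixel 2 is constructed for this example.
COVER = [0b01010101, 0b11001011, 0b11100011,
         0b00010000, 0b00100000, 0b00110000]

if __name__ == "__main__":
    stego = embed(COVER, b"A")
    print([format(v, "08b") for v in stego[:3]])
    print(extract(stego, 1), "max change:", max_channel_change(COVER, stego))
```
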
The following answers are incorrect:
- ADS - Alternate Data Streams: This is almost correct but ADS is different from steganography in
that ADS hides data in streams of communications or files while Steganography hides data in a
single file.
- Encryption: This is almost correct but Steganography isn't exactly encryption as much as using
space in a file to store another file.
- NTFS ADS: This is also almost correct in that you're hiding data where you have space to do so.
NTFS, or New Technology File System common on Windows computers has a feature where you
can hide files where they're not viewable under normal conditions. Tools are required to uncover
the ADS-hidden files.
Which of the following answers is described as a random value used in cryptographic algorithms to ensure that patterns are not created during the encryption process?
A. IV - Initialization Vector
B. Stream Cipher
C. OTP - One Time Pad
D. Ciphertext
Answer: A
Explanation:
The basic power in cryptography is randomness. This uncertainty is why encrypted data is
unusable to someone without the key to decrypt.
Initialization Vectors are used with encryption keys to add an extra layer of randomness to
encrypted data. If no IV is used the attacker can possibly break the keyspace because of patterns
resulting from the encryption process. Implementations such as DES in Code Book Mode (CBC)
would allow a frequency analysis attack to take place.
In cryptography, an initialization vector (IV) or starting variable (SV) is a fixed-size input to a
cryptographic primitive that is typically required to be random or pseudorandom. Randomization is
crucial for encryption schemes to achieve semantic security, a property whereby repeated usage
of the scheme under the same key does not allow an attacker to infer relationships between
segments of the encrypted message. For block ciphers, the use of an IV is described by so-called
modes of operation. Randomization is also required for other primitives, such as universal hash
functions and message authentication codes based thereon.
It is defined by TechTarget as:
An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data
encryption. This number, also called a nonce, is employed only one time in any session.
The use of an IV prevents repetition in data encryption, making it more difficult for a hacker using a
dictionary attack to find patterns and break a cipher. For example, a sequence might appear twice
or more within the body of a message. If there are repeated sequences in encrypted data, an
attacker could assume that the corresponding sequences in the message were also identical. The
IV prevents the appearance of corresponding duplicate character sequences in the ciphertext.
The following answers are incorrect:
- Stream Cipher: This isn't correct. A stream cipher is a symmetric key cipher where plaintext digits
are combined with a pseudorandom key stream to produce cipher text.
- OTP - One Time Pad: This isn't correct but OTP is made up of random values used as key
material. (Encryption key) It is considered by most to be unbreakable but must be changed with a
new key after it is used which makes it impractical for common use.
- Ciphertext: Sorry, incorrect answer. Ciphertext is basically text that has been encrypted with key
material (Encryption key)
Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part?
A. One Time Pad (OTP)
B. One time Cryptopad (OTC)
C. Cryptanalysis
D. Pretty Good Privacy (PGP)
Answer: A
Explanation:
OTP or One Time Pad is considered unbreakable if the key is truly random and is as large as the
plaintext and never reused in whole or part AND kept secret.
In cryptography, a one-time pad is a system in which a key generated randomly is used only once
to encrypt a message that is then decrypted by the receiver using the matching one-time pad and
key. Messages encrypted with keys based on randomness have the advantage that there is
theoretically no way to "break the code" by analyzing a succession of messages. Each encryption
is unique and bears no relation to the next encryption so that some pattern can be detected.
With a one-time pad, however, the decrypting party must have access to the same key used to
encrypt the message and this raises the problem of how to get the key to the decrypting party
safely or how to keep both keys secure. One-time pads have sometimes been used when both
parties started out at the same physical location and then separated, each with knowledge of the
keys in the one-time pad. The key used in a one-time pad is called a secret key because if it is
revealed, the messages encrypted with it can easily be deciphered.
One-time pads figured prominently in secret message transmission and espionage before and
during World War II and in the Cold War era. On the Internet, the difficulty of securely controlling
secret keys led to the invention of public key cryptography.
The biggest challenge with OTP was to get the pad securely to the person or entity you wanted to
communicate with. It had to be done in person or using a trusted courier or custodian. It certainly
did not scale up very well and it would not be usable for the large quantities of data that need to be
encrypted, as we often have today.
The following answers are incorrect:
- One time Cryptopad: Almost but this isn't correct. Cryptopad isn't a valid term in cryptography.
- Cryptanalysis: Sorry, incorrect. Cryptanalysis is the process of analyzing information in an effort
to breach the cryptographic security systems.
- PGP - Pretty Good Privacy: PGP, written by Phil Zimmermann is a data encryption and
decryption program that provides cryptographic privacy and authentication for data. Still isn't the
right answer though. Read more here about PGP.
Which protocol makes use of an electronic wallet on a customer's PC and sends encrypted credit card information to the merchant's Web server, which digitally signs it and sends it on to its processing bank?
A. SSH (Secure Shell)
B. S/MIME (Secure MIME)
C. SET (Secure Electronic Transaction)
D. SSL (Secure Sockets Layer)
Answer: C
Explanation:
The SET protocol was introduced by Visa and Mastercard to allow for more credit card transaction
possibilities. It is comprised of three different pieces of software, running on the customer's PC (an
electronic wallet), on the merchant's Web server and on the payment server of the merchant's
bank. The credit card information is sent by the customer to the merchant's Web server, but it
does not open it and instead digitally signs it and sends it to its bank's payment server for
processing.
The following answers are incorrect because:
SSH (Secure Shell) is incorrect as it functions as a type of tunneling mechanism that provides
terminal like access to remote computers.
S/MIME is incorrect as it is a standard for encrypting and digitally signing electronic mail and for
providing secure data transmissions.
SSL is incorrect as it uses public key encryption and provides data encryption, server
authentication, message integrity, and optional client authentication.
When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this:
0101 0001 Plain text
0111 0011 Key stream
0010 0010 Output
What is this cryptographic operation called?
A. Exclusive-OR
B. Bit Swapping
C. Logical-NOR
D. Decryption
Answer: A
Explanation:
When we encrypt data we are basically taking the plaintext information and applying some key
material or keystream and conducting something called an XOR or Exclusive-OR operation.
The symbol used for XOR is the following: This is a type of cipher known as a stream cipher.
The operation looks like this:
0101 0001 Plain text
0111 0011 Key stream
0010 0010 Output (ciphertext)
As you can see, it's not simple addition and the XOR Operation uses something called a truth
table that explains why 0+1=1 and 1+1=0.
The rules are simple: if both bits are the same the result is zero, and if the bits are not the same
the result is one.
The following answers are incorrect:
- Bit Swapping: Incorrect. This isn't a known cryptographic operation.
- Logical NOR: Sorry, this isn't correct. NOR is the operation where only 0+0=1; all other
combinations (1+1, 1+0) equal 0.
- Decryption: Sorry, this is the opposite of the process of encryption, that is, of the process of
applying the keystream to the plaintext to get the resulting encrypted text.
The Diffie-Hellman algorithm is primarily used to provide which of the following?
A. Confidentiality B. Key Agreement C. Integrity D. Non-repudiation
Answer: B
Explanation:
Diffie and Hellman describe a means for two parties to agree upon a shared secret in such a way
that the secret will be unavailable to eavesdroppers. This secret may then be converted into
cryptographic keying material for other (symmetric) algorithms. A large number of minor variants of
this process exist. See RFC 2631 Diffie-Hellman Key Agreement Method for more details.
In 1976, Diffie and Hellman were the first to introduce the notion of public key cryptography,
requiring a system allowing the exchange of secret keys over non-secure channels. The Diffie-Hellman algorithm is used for key exchange between two parties communicating with each other;
it cannot be used for encrypting and decrypting messages, or for digital signatures.
Diffie and Hellman sought to address the issue of having to exchange keys via courier and other
unsecure means. Their efforts were the FIRST asymmetric key agreement algorithm. Since the
Diffie-Hellman algorithm cannot be used for encrypting and decrypting it cannot provide
confidentiality nor integrity. This algorithm also does not provide for digital signature functionality
and thus non-repudiation is not a choice.
NOTE: The DH algorithm is susceptible to man-in-the-middle attacks.
KEY AGREEMENT VERSUS KEY EXCHANGE
A key exchange can be done in multiple ways. It can be done in person, or I can generate a key
and get it to you securely by encrypting it with your public key. A Key
Agreement protocol is done over a public medium such as the internet, using a mathematical
formula to arrive at a common value on both sides of the communication link without the
enemy being able to know what the common value is.
The following answers were incorrect:
All of the other choices were not correct choices
Reference(s) used for this question:
Shon Harris, CISSP All In One (AIO), 6th edition. Chapter 7, Cryptography, Page 812.
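The key agreement described above, as an added example that is not part of the original question bank. The modulus `P`, the generator `G` and all function names are assumptions chosen for illustration (a toy 127-bit group, far too small for real use). The example also shows why the man-in-the-middle note matters: the exchange by itself cannot tell whose public value arrived.

```python
import hashlib
import secrets

# Toy parameters, assumed for this example only (NOT for real use):
# P is the Mersenne prime 2^127 - 1, G is an arbitrary small base.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private, public) where public = G^private mod P."""
    private = secrets.randbelow(P - 3) + 2  # uniform in [2, P-2]
    return private, pow(G, private, P)


def check_peer_value(public):
    """Reject degenerate public values (0, 1, P-1, out of range)."""
    if not isinstance(public, int) or not 2 <= public <= P - 2:
        raise ValueError("peer public value out of range")
    return public


def shared_key(private, peer_public):
    """Both sides compute the same secret, then hash it into keying
    material for a symmetric algorithm."""
    secret = pow(check_peer_value(peer_public), private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def demo():
    a_priv, a_pub = keypair()  # first party
    b_priv, b_pub = keypair()  # second party

    # Only a_pub and b_pub cross the wire; each side combines the
    # other's public value with its own private value.
    honest = shared_key(a_priv, b_pub) == shared_key(b_priv, a_pub)

    # Unauthenticated exchange: a third party on the path replaces both
    # public values with its own. Each end still "agrees" on a key, but
    # with the third party rather than with the intended peer.
    m_priv, m_pub = keypair()
    a_key = shared_key(a_priv, m_pub)
    b_key = shared_key(b_priv, m_pub)
    ends_disagree = a_key != b_key
    third_party_matches = a_key == shared_key(m_priv, a_pub)
    return honest, ends_disagree, third_party_matches


if __name__ == "__main__":
    print(demo())
```

Because the two ends hold different keys after a substitution, comparing a key fingerprint over an authenticated channel, or signing the public values, exposes the interference.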
You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals. One day you receive a laptop and are part of a two-man team responsible for examining it together. However, it is lunch time and after receiving the laptop you leave it on your desk and you both head out to lunch. What critical step in forensic evidence have you forgotten?
A. Chain of custody B. Locking the laptop in your desk C. Making a disk image for examination D. Cracking the admin password with chntpw
Answer: A
Explanation:
When evidence from a crime is to be used in the prosecution of a criminal it is critical that you
follow the law when handling that evidence. Part of that process is called chain of custody and is
when you maintain proactive and documented control over ALL evidence involved in a crime.
Failure to do this can lead to the dismissal of charges against a criminal if the evidence is
compromised because you failed to maintain the chain of custody.
A chain of custody is chronological documentation for evidence in a particular case, and is
especially important with electronic evidence due to the possibility of fraudulent data alteration,
deletion, or creation. A fully detailed chain of custody report is necessary to prove the physical
custody of a piece of evidence and show all parties that had access to said evidence at any given
time.
Evidence must be protected from the time it is collected until the time it is presented in court.
The following answers are incorrect:
- Locking the laptop in your desk: Even this wouldn't prevent the defense team from
challenging chain of custody handling. It's usually easy to break into a desk drawer, and evidence
should be stored in an approved safe or other storage facility.
- Making a disk image for examination: This is a key part of system forensics where we make a
disk image of the evidence system and study that as opposed to studying the real disk drive, since
studying the real drive could lead to loss of evidence. However, if the original evidence is not
secured then the chain of custody has not been maintained properly.
- Cracking the admin password with chntpw: This isn't correct. Your first mistake was to
compromise the chain of custody of the laptop. The chntpw program is a Linux utility to (re)set the
password of any user that has a valid (local) account on a Windows system, by modifying the
crypted password in the registry's SAM file. You do not need to know the old password to set a
new one. It works offline which means you must have physical access (i.e., you have to shutdown
your computer and boot off a linux floppy disk). The bootdisk includes stuff to access NTFS
partitions and scripts to glue the whole thing together. This utility works with SYSKEY and includes
the option to turn it off. A bootdisk image is provided on their website at
What is NOT true about a one-way hashing function?
A. It provides authentication of the message B. A hash cannot be reversed to get the message used to create the hash C. The result of a one-way hash is a message digest D. It provides integrity of the message
Answer: A
Explanation:
A one-way hashing function can only be used for the integrity of a message and not for
authentication or confidentiality, because the hash creates just a fingerprint of the message which
cannot be reversed, and it is also very difficult to create a second message with the same hash.
A hash by itself does not provide Authentication. It only provides a weak form of integrity. It would
be possible for an attacker to perform a Man-In-The-Middle attack where both the message and the
digest could be changed without the receiver knowing it.
A hash combined with your session key will produce a Message Authentication Code (MAC) which
will provide you with both authentication of the source and integrity. It is sometimes referred to as
a Keyed Hash.
A hash encrypted with the sender's private key produces a Digital Signature, which provides
authentication, but the hash by itself does not.
Hashing functions by themselves such as MD5, SHA1, SHA2, SHA-3 does not provide
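The difference between a bare hash and a keyed hash described above, as an added example that is not part of the original question bank. The message text, the helper names and the use of SHA-256 with HMAC are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


def send_with_hash(message):
    """Sender attaches an unkeyed SHA-256 digest to the message."""
    return message, hashlib.sha256(message).hexdigest()


def verify_hash(message, digest):
    """Receiver recomputes the digest; anyone can do the same."""
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)


def send_with_mac(key, message):
    """Sender attaches an HMAC-SHA256 tag computed with the shared key."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key, message, tag):
    """Receiver recomputes the tag with the shared key, constant-time compare."""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def altered_in_transit(message):
    """Models a party on the path who holds no key: it changes the message
    and recomputes the only check value it is able to, an unkeyed digest."""
    altered = message.replace(b"100", b"900")
    return altered, hashlib.sha256(altered).hexdigest()


def demo():
    key = secrets.token_bytes(32)            # shared session key
    original = b"PAY 100 TO ACCOUNT 12345"   # constructed sample message

    # Case 1: bare hash. Message and digest are both replaced in transit,
    # and the receiver's check still passes.
    send_with_hash(original)
    msg, digest = altered_in_transit(original)
    hash_accepts_altered = verify_hash(msg, digest)

    # Case 2: keyed hash. Without the key, no valid tag can be produced
    # for the altered message, so the receiver rejects it.
    _, tag = send_with_mac(key, original)
    msg, forged_tag = altered_in_transit(original)
    mac_accepts_altered = verify_mac(key, msg, forged_tag)
    mac_accepts_original = verify_mac(key, original, tag)

    return {
        "hash_accepts_altered": hash_accepts_altered,
        "mac_accepts_altered": mac_accepts_altered,
        "mac_accepts_original": mac_accepts_original,
    }


if __name__ == "__main__":
    print(demo())
```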
This type of attack is generally most applicable to public-key cryptosystems. What type of attack am I?
A. Chosen-Ciphertext attack B. Ciphertext-only attack C. Plaintext Only Attack D. Adaptive-Chosen-Plaintext attack
Answer: A
Explanation:
A chosen-ciphertext attack is one in which the cryptanalyst may choose a piece of ciphertext and
attempt to obtain the corresponding decrypted plaintext. This type of attack is generally most
applicable to public-key cryptosystems.
A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst
gathers information, at least in part, by choosing a ciphertext and obtaining its decryption under an
unknown key. In the attack, an adversary has a chance to enter one or more known ciphertexts
into the system and obtain the resulting plaintexts. From these pieces of information the adversary
can attempt to recover the hidden secret key used for decryption.
A number of otherwise secure schemes can be defeated under chosen-ciphertext attack. For
example, the El Gamal cryptosystem is semantically secure under chosen-plaintext attack, but this
semantic security can be trivially defeated under a chosen-ciphertext attack. Early versions of RSA
padding used in the SSL protocol were vulnerable to a sophisticated adaptive chosen-ciphertext
attack which revealed SSL session keys. Chosen-ciphertext attacks have implications for some
self-synchronizing stream ciphers as well. Designers of tamper-resistant cryptographic smart
cards must be particularly cognizant of these attacks, as these devices may be completely under
the control of an adversary, who can issue a large number of chosen-ciphertexts in an attempt to
recover the hidden secret key.
According to RSA:
Cryptanalytic attacks are generally classified into six categories that distinguish the kind of
information the cryptanalyst has available to mount an attack. The categories of attack are listed
here roughly in increasing order of the quality of information available to the cryptanalyst, or,
equivalently, in decreasing order of the level of difficulty to the cryptanalyst. The objective of the
cryptanalyst in all cases is to be able to decrypt new pieces of ciphertext without additional
information. The ideal for a cryptanalyst is to extract the secret key.
A ciphertext-only attack is one in which the cryptanalyst obtains a sample of ciphertext, without the
plaintext associated with it. This data is relatively easy to obtain in many scenarios, but a
successful ciphertext-only attack is generally difficult, and requires a very large ciphertext sample.
Such an attack was possible on ciphers using Code Book Mode, where frequency analysis was
used: even though only the ciphertext was available, it was still possible to eventually collect
enough data and decipher it without having the key.
A known-plaintext attack is one in which the cryptanalyst obtains a sample of ciphertext and the
corresponding plaintext as well. The known-plaintext attack (KPA) or crib is an attack model for
cryptanalysis where the attacker has samples of both the plaintext and its encrypted version
(ciphertext), and is at liberty to make use of them to reveal further secret information such as
secret keys and code books.
A chosen-plaintext attack is one in which the cryptanalyst is able to choose a quantity of plaintext
and then obtain the corresponding encrypted ciphertext. A chosen-plaintext attack (CPA) is an
attack model for cryptanalysis which presumes that the attacker has the capability to choose
arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. The goal of the
attack is to gain some further information which reduces the security of the encryption scheme. In
the worst case, a chosen-plaintext attack could reveal the scheme's secret key.
This appears, at first glance, to be an unrealistic model; it would certainly be unlikely that an
attacker could persuade a human cryptographer to encrypt large amounts of plaintexts of the
attacker's choosing. Modern cryptography, on the other hand, is implemented in software or
hardware and is used for a diverse range of applications; for many cases, a chosen-plaintext
attack is often very feasible. Chosen-plaintext attacks become extremely important in the context
of public key cryptography, where the encryption key is public and attackers can encrypt any
plaintext they choose.
Any cipher that can prevent chosen-plaintext attacks is then also guaranteed to be secure against
known-plaintext and ciphertext-only attacks; this is a conservative approach to security.
Two forms of chosen-plaintext attack can be distinguished:
Batch chosen-plaintext attack, where the cryptanalyst chooses all plaintexts before any of them
are encrypted. This is often the meaning of an unqualified use of "chosen-plaintext attack".
Adaptive chosen-plaintext attack, is a special case of chosen-plaintext attack in which the
cryptanalyst is able to choose plaintext samples dynamically, and alter his or her choices based on
the results of previous encryptions. The cryptanalyst makes a series of interactive queries,
choosing subsequent plaintexts based on the information from the previous encryptions.
Non-randomized (deterministic) public key encryption algorithms are vulnerable to simple
"dictionary"-type attacks, where the attacker builds a table of likely messages and their
corresponding ciphertexts. To find the decryption of some observed ciphertext, the attacker simply
looks the ciphertext up in the table. As a result, public-key definitions of security under chosen-plaintext attack require probabilistic encryption (i.e., randomized encryption). Conventional
symmetric ciphers, in which the same key is used to encrypt and decrypt a text, may also be
vulnerable to other forms of chosen-plaintext attack, for example, differential cryptanalysis of block
ciphers.
An adaptive-chosen-ciphertext attack is the adaptive version of the above attack. A cryptanalyst can
mount an attack of this type in a scenario in which he has free use of a piece of decryption
hardware, but is unable to extract the decryption key from it.
An adaptive chosen-ciphertext attack (abbreviated as CCA2) is an interactive form of chosen-ciphertext attack in which an attacker sends a number of ciphertexts to be decrypted, then uses
the results of these decryptions to select subsequent ciphertexts. It is to be distinguished from an
indifferent chosen-ciphertext attack (CCA1).
The goal of this attack is to gradually reveal information about an encrypted message, or about the
decryption key itself. For public-key systems, adaptive-chosen-ciphertexts are generally applicable
only when they have the property of ciphertext malleability — that is, a ciphertext can be modified
in specific ways that will have a predictable effect on the decryption of that message.
A Plaintext Only Attack is simply a bogus distractor. If you have the plaintext only then there is no
need to perform any attack.
References:
RSA Laboratories FAQs about today's cryptography: What are some of the basic types of
Which of the following concerning the Rijndael block cipher algorithm is false?
A. The design of Rijndael was strongly influenced by the design of the block cipher Square. B. A total of 25 combinations of key length and block length are possible C. Both block size and key length can be extended to multiples of 64 bits. D. The cipher has a variable block length and key length.
Answer: C
Explanation:
The answer above is the correct answer because it is FALSE. Rijndael does not support multiples
of 64 bits but multiples of 32 bits in the range of 128 bits to 256 bits. Key length could be 128, 160,
192, 224, and 256.
Both block length and key length can be extended very easily to multiples of 32 bits, for a total
of 25 possible combinations of block and key size.
The Rijndael Cipher
Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate
algorithm for the Advanced Encryption Standard (AES) in the United States of America. The cipher
has a variable block length and key length.
Rijndael can be implemented very efficiently on a wide range of processors and in hardware.
The design of Rijndael was strongly influenced by the design of the block cipher Square.
The Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) keys are defined to be either 128, 192, or 256 bits in
accordance with the requirements of the AES.
The number of rounds, or iterations of the main algorithm, can vary from 10 to 14 within the
Advanced Encryption Standard (AES) and is dependent on the block size and key length. 128-bit
keys use 10 rounds of encryption, 192-bit keys use 12 rounds of encryption, and 256-bit keys
use 14 rounds of encryption.
The low number of rounds has been one of the main criticisms of Rijndael, but if this ever
becomes a problem the number of rounds can easily be increased at little extra cost performance
wise by increasing the block size and key length.
Range of key and block lengths in Rijndael and AES
Rijndael and AES differ only in the range of supported values for the block length and cipher key
length.
For Rijndael, the block length and the key length can be independently specified to any multiple of
32 bits, with a minimum of 128 bits, and a maximum of 256 bits. The support for block and key
lengths 160 and 224 bits was introduced in Joan Daemen and Vincent Rijmen, AES submission
document on Rijndael, Version 2, September 1999 available at
FIPS PUB 197, Advanced Encryption Standard (AES), National Institute of Standards and
Technology, U.S. Department of Commerce, November 2001.
Question # 43
What is the name of a one-way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string? Such a transformation cannot be reversed.
A. One-way hash B. DES C. Transposition D. Substitution
Answer: A
Explanation:
A cryptographic hash function is a transformation that takes an input (or 'message') and returns a
fixed-size string, which is called the hash value (sometimes termed a message digest, a digital
fingerprint, a digest or a checksum).
The ideal hash function has three main properties - it is extremely easy to calculate a hash for any
given data, it is extremely difficult or almost impossible in a practical sense to calculate a text that
has a given hash, and it is extremely unlikely that two different messages, however close, will
have the same hash.
Functions with these properties are used as hash functions for a variety of purposes, both within
and outside cryptography. Practical applications include message integrity checks, digital
signatures, authentication, and various information security applications. A hash can also act as a
concise representation of the message or document from which it was computed, and allows easy
indexing of duplicate or unique data files.
In various standards and applications, the two most commonly used hash functions are MD5 and
SHA-1. In 2005, security flaws were identified in both of these, namely that a possible
mathematical weakness might exist, indicating that a stronger hash function would be desirable. In
2007 the National Institute of Standards and Technology announced a contest to design a hash
function which will be given the name SHA-3 and be the subject of a FIPS standard.
A hash function takes a string of any length as input and produces a fixed length string which acts
as a kind of "signature" for the data provided. In this way, a person knowing the hash is unable to
work out the original message, but someone knowing the original message can prove the hash is
created from that message, and none other. A cryptographic hash function should behave as
much as possible like a random function while still being deterministic and efficiently computable.
A cryptographic hash function is considered "insecure" from a cryptographic point of view, if either
of the following is computationally feasible:
finding a (previously unseen) message that matches a given digest
finding "collisions", wherein two different messages have the same message digest.
An attacker who can do either of these things might, for example, use them to substitute an
authorized message with an unauthorized one.
Ideally, it should not even be feasible to find two messages whose digests are substantially
similar; nor would one want an attacker to be able to learn anything useful about a message given
only its digest. Of course the attacker learns at least one piece of information, the digest itself,
which for instance gives the attacker the ability to recognise the same message should it occur
again.
REFERENCES:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, 2001, John Wiley & Sons, Pages 40-41.
What kind of Encryption technology does SSL utilize?
A. Secret or Symmetric key B. Hybrid (both Symmetric and Asymmetric) C. Public Key D. Private key
Answer: B
Explanation:
SSL uses public-key cryptography to secure the session key, while the session key (secret key) is used
to secure the whole session taking place between both parties communicating with each other.
The SSL protocol was originally developed by Netscape. Version 1.0 was never publicly released;
version 2.0 was released in February 1995 but "contained a number of security flaws which
ultimately led to the design of SSL version 3.0." SSL version 3.0, released in 1996, was a
complete redesign of the protocol produced by Paul Kocher working with Netscape engineers Phil
Karlton and Alan Freier.
All of the other answers are incorrect
Question # 45
The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is quite feasible for computer use.
A. computing in Galois fields B. computing in Gladden fields C. computing in Gallipoli fields D. computing in Galbraith fields
Answer: A
Explanation:
The computations involved in selecting keys and in enciphering data are complex, and are not
practical for manual use. However, using mathematical properties of modular arithmetic and a
method known as computing in Galois fields, RSA is quite feasible for computer use.
Source: FITES, Philip E., KRATZ, Martin P., Information Systems Security: A Practitioner's
Reference, 1993, Van Nostrand Reinhold, page 44.
Question # 46
Which of the following is true about digital certificate?
A. It is the same as digital signature proving Integrity and Authenticity of the data B. Electronic credential proving that the person the certificate was issued to is who they claim to be C. You can only get digital certificate from Verisign, RSA if you wish to prove the key belong to a specific user. D. Can't contain geography data such as country for example.
Answer: B
Explanation:
Digital certificate helps others verify that the public keys presented by users are genuine and valid.
It is a form of Electronic credential proving that the person the certificate was issued to is who they
claim to be.
The certificate is used to identify the certificate holder when conducting electronic transactions.
It is issued by a certification authority (CA). It contains the name of an organization or individual,
the business address, a serial number, expiration dates, a copy of the certificate holder's public
key (used for encrypting messages), and the digital signature of the certificate-issuing authority so
that a recipient can verify that the certificate is real. Some digital certificates conform to a
standard, X.509. Digital certificates can be kept in registries so that authenticating users can look
up other users' public keys.
Digital certificates are key to the PKI process. The digital certificate serves two roles. First, it
ensures the integrity of the public key and makes sure that the key remains unchanged and in a
valid state. Second, it validates that the public key is tied to the stated owner and that all
associated information is true and correct. The information needed to accomplish these goals is
added into the digital certificate.
A Certificate Authority (CA) is an entity trusted by one or more users as an authority in a network
that issues, revokes, and manages digital certificates.
A Registration Authority (RA) performs certificate registration services on behalf of a CA. The RA,
a single purpose server, is responsible for the accuracy of the information contained in a certificate
request. The RA is also expected to perform user validation before issuing a certificate request.
A Digital Certificate is not the same as a digital signature; they are two different things. A digital
Signature is created by using your Private key to encrypt a message digest, and a Digital
Certificate is issued by a trusted third party who vouches for your identity.
There are many other third parties which provide Digital Certificates, not just Verisign and
RSA.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition
Which of the following statements is most accurate regarding a digital signature?
A. It is a method used to encrypt confidential data. B. It is the art of transferring handwritten signature to electronic media. C. It allows the recipient of data to prove the source and integrity of data. D. It can be used as a signature system and a cryptosystem.
Answer: C
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 48
The Data Encryption Algorithm performs how many rounds of substitution and permutation?
A. 4 B. 16 C. 54 D. 64
Answer: B
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 49
Which of the following is NOT a property of a one-way hash function?
A. It converts a message of a fixed length into a message digest of arbitrary length. B. It is computationally infeasible to construct two different messages with the same digest. C. It converts a message of arbitrary length into a message digest of a fixed length. D. Given a digest value, it is computationally infeasible to find the corresponding message.
Answer: A
Explanation:
An algorithm that turns messages or text into a fixed string of digits, usually for security or data
management purposes. The "one way" means that it's nearly impossible to derive the original text
from the string.
A one-way hash function is used to create digital signatures, which in turn identify and
authenticate the sender and message of a digitally distributed message.
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and
returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional
change to the data will change the hash value. The data to be encoded is often called the
"message," and the hash value is sometimes called the message digest or simply digest.
The ideal cryptographic hash function has four main or significant properties:
it is easy (but not necessarily quick) to compute the hash value for any given message
it is infeasible to generate a message that has a given hash
it is infeasible to modify a message without changing the hash
it is infeasible to find two different messages with the same hash
Cryptographic hash functions have many information security applications, notably in digital
signatures, message authentication codes (MACs), and other forms of authentication. They can
also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect
duplicate data or uniquely identify files, and as checksums to detect accidental data corruption.
Indeed, in information security contexts, cryptographic hash values are sometimes called (digital)
fingerprints, checksums, or just hash values, even though all these terms stand for functions with
rather different properties and purposes.
Source:
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs?
A. A known-plaintext attack B. A known-algorithm attack C. A chosen-ciphertext attack D. A chosen-plaintext attack
Answer: A
Explanation:
RFC2828 (Internet Security Glossary) defines a known-plaintext attack as a cryptanalysis
technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs (although the analyst may also have other clues, such as knowing the
cryptographic algorithm). A chosen-ciphertext attack is defined as a cryptanalysis technique in
which the analyst tries to determine the key from knowledge of plaintext that corresponds to
ciphertext selected (i.e., dictated) by the analyst. A chosen-plaintext attack is a cryptanalysis
technique in which the analyst tries to determine the key from knowledge of ciphertext that
corresponds to plaintext selected (i.e., dictated) by the analyst. The other choice is a distracter.
The following are incorrect answers:
A chosen-plaintext attack
The attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to
see the corresponding ciphertext. This gives her more power and possibly a deeper understanding
of the way the encryption process works so she can gather more information about the key being
used. Once the key is discovered, other messages encrypted with that key can be decrypted.
A chosen-ciphertext attack
In chosen-ciphertext attacks, the attacker can choose the ciphertext to be decrypted and has
access to the resulting decrypted plaintext. Again, the goal is to figure out the key. This is a harder
attack to carry out compared to the previously mentioned attacks, and the attacker may need to
have control of the system that contains the cryptosystem.
A known-algorithm attack
Knowing the algorithm does not give you much advantage without knowing the key. This is a
bogus distractor. The algorithm should be public, which is Kerckhoffs's Principle. The only
secret should be the key.
Reference(s) used for this question:
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys? This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis.
A. Internet Security Association and Key Management Protocol (ISAKMP) B. Simple Key-management for Internet Protocols (SKIP) C. Diffie-Hellman Key Distribution Protocol D. IPsec Key exchange (IKE)
Answer: B
Explanation:
RFC 2828 (Internet Security Glossary) defines Simple Key Management for Internet Protocols
(SKIP) as:
A key distribution protocol that uses hybrid encryption to convey session keys that are used to
encrypt data in IP packets.
SKIP is a hybrid Key distribution protocol similar to SSL, except that it establishes a long-term
key once, and then requires no prior communication in order to establish or exchange keys on a
session-by-session basis. Therefore, no connection setup overhead exists and new key values
are not continually generated. SKIP uses the knowledge of its own secret key or private
component and the destination's public component to calculate a unique key that can only be used
between them.
IKE stands for Internet Key Exchange; it makes use of ISAKMP and OAKLEY internally.
Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in
the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509
certificates for authentication and a Diffie–Hellman key exchange to set up a shared session
secret from which cryptographic keys are derived.
The following are incorrect answers:
ISAKMP is an Internet IPsec protocol to negotiate, establish, modify, and delete security
associations, and to exchange key generation and authentication data, independent of the details
of any specific key generation technique, key establishment protocol, encryption algorithm, or
authentication mechanism.
IKE is an Internet, IPsec, key-establishment protocol (partly based on OAKLEY) that is intended
for putting in place authenticated keying material for use with ISAKMP and for other security
associations, such as in AH and ESP.
IPsec Key exchange (IKE) is only a distractor.
Reference(s) used for this question:
SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
Which of the following can best define the "revocation request grace period"?
A. The period of time allotted within which the user must make a revocation request upon a revocation reason B. Minimum response time for performing a revocation by the CA C. Maximum response time for performing a revocation by the CA D. Time period between the arrival of a revocation request and the publication of the revocation information
Answer: D
Explanation:
The length of time between the Issuer’s receipt of a revocation request and the time the Issuer is
required to revoke the certificate should bear a reasonable relationship to the amount of risk the
participants are willing to assume that someone may rely on a certificate for which a proper
revocation request has been given but has not yet been acted upon.
How quickly revocation requests need to be processed (and CRLs or certificate status databases
need to be updated) depends upon the specific application for which the Policy Authority is drafting
the Certificate Policy.
A Policy Authority should recognize that there may be risk and cost tradeoffs with respect to grace
periods for revocation notices.
If the Policy Authority determines that its PKI participants are willing to accept a grace period of a
few hours in exchange for a lower implementation cost, the Certificate Policy may reflect that
decision.
Question # 54
Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations?
A. Internet Key exchange (IKE) B. Security Association Authentication Protocol (SAAP) C. Simple Key-management for Internet Protocols (SKIP) D. Key Exchange Algorithm (KEA)
Answer: A
Explanation:
RFC 2828 (Internet Security Glossary) defines IKE as an Internet, IPsec, key-establishment
protocol (partly based on OAKLEY) that is intended for putting in place authenticated keying
material for use with ISAKMP and for other security associations, such as in AH and ESP.
The following are incorrect answers:
SKIP is a key distribution protocol that uses hybrid encryption to convey session keys that are
used to encrypt data in IP packets.
The Key Exchange Algorithm (KEA) is defined as a key agreement algorithm that is similar to the
Diffie-Hellman algorithm, uses 1024-bit asymmetric keys, and was developed and formerly
classified at the secret level by the NSA.
Security Association Authentication Protocol (SAAP) is a distracter.
Reference(s) used for this question:
SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
Question # 55
Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?
A. Diffie-Hellman Key Exchange Protocol B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. OAKLEY
Answer: D
Explanation:
RFC 2828 (Internet Security Glossary) defines OAKLEY as a key establishment protocol
(proposed for IPsec but superseded by IKE) based on the Diffie-Hellman algorithm and designed
to be a compatible component of ISAKMP.
ISAKMP is an Internet IPsec protocol to negotiate, establish, modify, and delete security
associations, and to exchange key generation and authentication data, independent of the details
of any specific key generation technique, key establishment protocol, encryption algorithm, or
authentication mechanism.
SKIP is a key distribution protocol that uses hybrid encryption to convey session keys that are
used to encrypt data in IP packets.
ISAKMP provides a framework for authentication and key exchange but does not define them.
ISAKMP is designed to be key exchange independent; that is, it is designed to support many
different key exchanges.
Oakley and SKEME each define a method to establish an authenticated key exchange. This
includes payloads construction, the information payloads carry, the order in which they are
processed and how they are used.
Oakley describes a series of key exchanges, called modes, and details the services provided by
each (e.g. perfect forward secrecy for keys, identity protection, and authentication).
SKEME describes a versatile key exchange technique which provides anonymity, repudiability,
and quick key refreshment.
RFC 2409 describes the IKE protocol using part of Oakley and part of SKEME in conjunction with
ISAKMP to obtain authenticated keying material for use with ISAKMP, and for other security
associations such as AH and ESP for the IETF IPsec DOI.
While Oakley defines "modes", ISAKMP defines "phases". The relationship between the two is
very straightforward and IKE presents different exchanges as modes which operate in one of two
phases.
Phase 1 is where the two ISAKMP peers establish a secure, authenticated channel with which to
communicate. This is called the ISAKMP Security Association (SA). "Main Mode" and "Aggressive
Mode" each accomplish a phase 1 exchange. "Main Mode" and "Aggressive Mode" MUST ONLY
be used in phase 1.
Phase 2 is where Security Associations are negotiated on behalf of services such as IPsec or any
other service which needs key material and/or parameter negotiation. "Quick Mode" accomplishes
a phase 2 exchange. "Quick Mode" MUST ONLY be used in phase 2.
References:
CISSP: Certified Information Systems Security Professional Study Guide By James Michael
SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
The All-in-one CISSP Exam Guide, 3rd Edition, by Shon Harris, page 674
The CISSP and CAP Prep Guide, Platinum Edition, by Krutz and Vines
Question # 56
Which of the following would best describe certificate path validation?
A. Verification of the validity of all certificates of the certificate chain to the root certificate B. Verification of the integrity of the associated root certificate C. Verification of the integrity of the concerned private key D. Verification of the revocation status of the concerned certificate
Answer: A
Explanation:
With the advent of public key cryptography (PKI), it is now possible to communicate securely with untrusted parties over the Internet without prior arrangement. One of the necessities arising from such communication is the ability to accurately verify someone's identity (i.e. whether the person you are communicating with is indeed the person who he/she claims to be). In order to be able to
perform identity check for a given entity, there should be a fool-proof method of “binding” the
entity's public key to its unique domain name (DN).
An X.509 digital certificate issued by a well-known certificate authority (CA), like Verisign, Entrust,
Thawte, etc., provides a way of positively identifying the entity by placing trust on the CA to have
performed the necessary verifications. An X.509 certificate is a cryptographically sealed data object
that contains the entity's unique DN, public key, serial number, validity period, and possibly other
extensions.
The Windows Operating System offers a Certificate Viewer utility which allows you to double-click
on any certificate and review its attributes in a human-readable format. For instance, the "General"
tab in the Certificate Viewer Window (see below) shows who the certificate was issued to as well
as the certificate's issuer, validation period and usage functions.
Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism?
A. OAKLEY B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. IPsec Key exchange (IKE)
Answer: B
Explanation:
RFC 2828 (Internet Security Glossary) defines the Internet Security Association and Key
Management Protocol (ISAKMP) as an Internet IPsec protocol to negotiate, establish, modify, and
delete security associations, and to exchange key generation and authentication data,
independent of the details of any specific key generation technique, key establishment protocol,
encryption algorithm, or authentication mechanism.
Let's clear up some confusion here first. Internet Key Exchange (IKE) is a hybrid protocol; it
consists of 3 "protocols":
ISAKMP: It's not a key exchange protocol per se, it's a framework on which key exchange
protocols operate. ISAKMP is part of IKE. IKE establishes the shared security policy and
authenticated keys. ISAKMP is the protocol that specifies the mechanics of the key exchange.
Oakley: Describes the "modes" of key exchange (e.g. perfect forward secrecy for keys, identity
protection, and authentication). Oakley describes a series of key exchanges and services.
SKEME: Provides support for public-key-based key exchange, key distribution centres, and
manual installation; it also outlines methods of secure and fast key refreshment.
So yes, IPSec does use IKE, but ISAKMP is part of IKE.
The question did not ask for the actual key negotiation being done but only for the "exchange of
key generation and authentication data" being done. Under Oakley it would be Diffie-Hellman (DH)
that would be used for the actual key negotiation.
The following are incorrect answers:
Simple Key-management for Internet Protocols (SKIP) is a key distribution protocol that uses
hybrid encryption to convey session keys that are used to encrypt data in IP packets.
OAKLEY is a key establishment protocol (proposed for IPsec but superseded by IKE) based on
the Diffie-Hellman algorithm and designed to be a compatible component of ISAKMP.
IPsec Key Exchange (IKE) is an Internet, IPsec, key-establishment protocol [R2409] (partly based
on OAKLEY) that is intended for putting in place authenticated keying material for use with
ISAKMP and for other security associations, such as in AH and ESP.
Reference used for this question:
SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
Question # 58
Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?
A. Steganography B. Digital watermarking C. Digital enveloping D. Digital signature
Answer: B
Explanation:
RFC 2828 (Internet Security Glossary) defines digital watermarking as computing techniques for
inseparably embedding unobtrusive marks or labels as bits in digital data (text, graphics, images,
video, or audio) and for detecting or extracting the marks later. The set of embedded bits (the
digital watermark) is sometimes hidden, usually imperceptible, and always intended to be
unobtrusive. It is used as a measure to protect intellectual property rights. Steganography involves
hiding the very existence of a message. A digital signature is a value computed with a
cryptographic algorithm and appended to a data object in such a way that any recipient of the data
can use the signature to verify the data's origin and integrity. A digital envelope is a combination of
encrypted data and its encryption key in an encrypted form that has been prepared for use of the
recipient.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
Question # 59
What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity?
A. A digital envelope B. A cryptographic hash C. A Message Authentication Code D. A digital signature
Answer: D
Explanation:
RFC 2828 (Internet Security Glossary) defines a digital signature as a value computed with a
cryptographic algorithm and appended to a data object in such a way that any recipient of the data
can use the signature to verify the data's origin and integrity.
The steps to create a Digital Signature are very simple:
1. You create a Message Digest of the message you wish to send
2. You encrypt the message digest using your Private Key which is the action of Signing
3. You send the Message along with the Digital Signature to the recipient
To validate the Digital Signature the recipient will make use of the sender's Public Key. Here are the
steps:
1. The receiver will decrypt the Digital Signature using the sender's Public Key, producing a clear
text message digest.
2. The receiver will produce his own message digest of the message received.
3. At this point the receiver will compare the two message digests (the one sent and the one
produced by the receiver). If the two match, it proves the authenticity of the message and it
confirms that the message was not modified in transit, validating the integrity as well.
Digital Signatures provide for Authenticity and Integrity only. There is no confidentiality in place; if you
wish to get confidentiality, the sender would need to encrypt everything with the receiver's
public key as a last step before sending the message.
A Digital Envelope is a combination of encrypted data and its encryption key in an encrypted form
that has been prepared for use of the recipient. In simple terms it is a type of security that uses two
layers of encryption to protect a message. First, the message itself is encoded using symmetric
encryption, and then the key to decode the message is encrypted using public-key encryption.
This technique overcomes one of the problems of public-key encryption, which is that it is slower
than symmetric encryption. Because only the key is protected with public-key encryption, there is
very little overhead.
A cryptographic hash is the result of a cryptographic hash function such as MD5, SHA-1, or SHA-2. A hash value, also called a Message Digest, is like a fingerprint of a message. It is used to
prove integrity and ensure the message was not changed either in transit or in storage.
A Message Authentication Code (MAC) refers to an ANSI standard for a checksum that is
computed with a keyed hash that is based on DES or it can also be produced without using DES
by concatenating the Secret Key at the end of the message (simply adding it at the end of the
message) being sent and then producing a Message digest of the Message+Secret Key together.
The MAC is then attached and sent along with the message but the Secret Key is NEVER sent in
clear text over the network.
In cryptography, HMAC (Hash-based Message Authentication Code), is a specific construction for
calculating a message authentication code (MAC) involving a cryptographic hash function in
combination with a secret key. As with any MAC, it may be used to simultaneously verify both the
data integrity and the authenticity of a message. Any cryptographic hash function, such as MD5 or
SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the
cryptographic strength of the underlying hash function, the size of its hash output length in bits and
on the size and quality of the cryptographic key.
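The two keyed-hash constructions described above, as an added example that is not part of the original material: the simple "message followed by secret key" digest, and HMAC written out by hand (following RFC 2104) and checked against Python's `hmac` module. SHA-256 is used here as the hash; the key, the messages and the function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"shared-secret-key"                  # constructed; never sent on the wire
MESSAGE = b"Pay 100 EUR to account 42"      # constructed sample message
TAMPERED = b"Pay 900 EUR to account 42"     # constructed modification in transit

BLOCK_SIZE = 64  # SHA-256 processes input in 64-byte blocks


def suffix_mac(key: bytes, message: bytes) -> bytes:
    """Digest of Message + Secret Key, the simple construction in the text."""
    return hashlib.sha256(message + key).digest()


def hmac_manual(key: bytes, message: bytes) -> bytes:
    """HMAC spelled out: H((K xor opad) || H((K xor ipad) || message))."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()   # over-long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")     # then padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """The same value from the standard library."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver: recompute the tag with the shared key and compare in
    constant time, so the comparison itself leaks nothing about the tag."""
    return hmac.compare_digest(hmac_tag(key, message), tag)


if __name__ == "__main__":
    tag = hmac_tag(KEY, MESSAGE)
    print("manual HMAC matches library:", hmac_manual(KEY, MESSAGE) == tag)
    print("genuine message accepted:", verify(KEY, MESSAGE, tag))
    print("tampered message accepted:", verify(KEY, TAMPERED, tag))
    print("wrong key accepted:", verify(b"other-key", MESSAGE, tag))
```

Only the message and the tag travel over the network; both ends must already hold the same key.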
There is more than one type of MAC: Meet CBC-MAC
In cryptography, a Cipher Block Chaining Message Authentication Code, abbreviated CBC-MAC,
is a technique for constructing a message authentication code from a block cipher. The message
is encrypted with some block cipher algorithm in CBC mode to create a chain of blocks such that
each block depends on the proper encryption of the previous block. This interdependence ensures
that a change to any of the plaintext bits will cause the final encrypted block to change in a way
that cannot be predicted or counteracted without knowing the key to the block cipher.
References:
SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
Which of the following would best define a digital envelope?
A. A message that is encrypted and signed with a digital certificate. B. A message that is signed with a secret key and encrypted with the sender's private key. C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver. D. A message that is encrypted with the recipient's public key and signed with the sender's private key.
Answer: C
Explanation:
A digital envelope for a recipient is a combination of encrypted data and its encryption key in an
encrypted form that has been prepared for use of the recipient.
It consists of a hybrid encryption scheme in sealing a message, by encrypting the data and
sending both it and a protected form of the key to the intended recipient, so that no one else can open
the message.
In PKCS #7, it means first encrypting the data using a symmetric encryption algorithm and a
secret key, and then encrypting the secret key using an asymmetric encryption algorithm and the
public key of the intended recipient.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
Question # 61
An X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the following?
A. encrypting messages B. signing messages C. verifying signed messages D. decrypt encrypted messages
Answer: C
Explanation:
References: RFC 2459 : Internet X.509 Public Key Infrastructure Certificate and CRL Profile;
GUTMANN, P., X.509 style guide.
Question # 62
What enables users to validate each other's certificate when they are certified under different certification hierarchies?
A. Cross-certification B. Multiple certificates C. Redundant certification authorities D. Root certification authorities
Answer: A
Explanation:
Cross-certification is the act or process by which two CAs each certify a public key of the other,
issuing a public-key certificate to that other CA, enabling users that are certified under different
certification hierarchies to validate each other's certificate.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
Question # 63
What does the directive of the European Union on Electronic Signatures deal with?
A. Encryption of classified data B. Encryption of secret data C. Non repudiation D. Authentication of web servers
Answer: C
Reference: FORD, Warwick & BAUM, Michael S., Secure Electronic Commerce: Building the
Infrastructure for Digital Signatures and Encryption (2nd Edition), 2000, Prentice Hall PTR, Page
589; Directive 1999/93/EC of 13 December 1999 on a Community framework for electronic
signatures.
Question # 64
What is the name of the third party authority that vouches for the binding between the data items in a digital certificate?
A. Registration authority B. Certification authority C. Issuing authority D. Vouching authority
Answer: B
Explanation:
A certification authority (CA) is a third party entity that issues digital certificates (especially X.509
certificates) and vouches for the binding between the data items in a certificate. An issuing
authority could be considered a correct answer, but not the best answer, since it is too generic.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
Question # 65
What kind of certificate is used to validate a user identity?
A. Public key certificate B. Attribute certificate C. Root certificate D. Code signing certificate
Answer: A
Explanation:
In cryptography, a public key certificate (or identity certificate) is an electronic document which
incorporates a digital signature to bind together a public key with an identity — information such as
the name of a person or an organization, their address, and so forth. The certificate can be used to
verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority
(CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other
users ("endorsements"). In either case, the signatures on a certificate are attestations by the
certificate signer that the identity information and the public key belong together.
In computer security, an authorization certificate (also known as an attribute certificate) is a digital
document that describes a written permission from the issuer to use a service or a resource that
the issuer controls or has access to use. The permission can be delegated.
Some people constantly confuse PKCs and ACs. An analogy may make the distinction clear. A
PKC can be considered to be like a passport: it identifies the holder, tends to last for a long time,
and should not be trivial to obtain. An AC is more like an entry visa: it is typically issued by a
different authority and does not last for as long a time. As acquiring an entry visa typically requires
presenting a passport, getting a visa can be a simpler process.
A real life example of this can be found in the mobile software deployments by large service
providers and are typically applied to platforms such as Microsoft Smartphone (and related),
Symbian OS, J2ME, and others.
In each of these systems a mobile communications service provider may customize the mobile
terminal client distribution (i.e. the mobile phone operating system or application environment) to
include one or more root certificates each associated with a set of capabilities or permissions such
as "update firmware", "access address book", "use radio interface", and the most basic one,
"install and execute". When a developer wishes to enable distribution and execution in one of
these controlled environments they must acquire a certificate from an appropriate CA, typically a
large commercial CA, and in the process they usually have their identity verified using out-of-band
mechanisms such as a combination of phone call, validation of their legal entity through
government and commercial databases, etc., similar to the high assurance SSL certificate vetting
process, though often there are additional specific requirements imposed on would-be
developers/publishers.
Once the identity has been validated they are issued an identity certificate they can use to sign
their software; generally the software signed by the developer or publisher's identity certificate is
not distributed but rather it is submitted to processor to possibly test or profile the content before
generating an authorization certificate which is unique to the particular software release. That
certificate is then used with an ephemeral asymmetric key-pair to sign the software as the last step
of preparation for distribution. There are many advantages to separating the identity and
authorization certificates especially relating to risk mitigation of new content being accepted into
the system and key management as well as recovery from errant software which can be used as
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire?
A. Certificate revocation list B. Certificate revocation tree C. Authority revocation list D. Untrusted certificate list
Answer: C
Explanation:
The Internet Security Glossary (RFC2828) defines the Authority Revocation List (ARL) as a data
structure that enumerates digital certificates that were issued to CAs but have been invalidated by
their issuer prior to when they were scheduled to expire.
Do not confuse an ARL with a Certificate Revocation List (CRL). A certificate revocation list
is a mechanism for distributing notices of certificate revocations. The question specifically
mentions "issued to CAs" which makes ARL a better answer than CRL.
(I) A data structure that enumerates digital certificates that were issued to CAs but have been
invalidated by their issuer prior to when they were scheduled to expire. (See: certificate expiration,
X.509 authority revocation list.)
In a few words: We use CRL's for end-user cert revocation and ARL's for CA cert revocation - both
can be placed in distribution points.
Question # 67
What is the primary role of smartcards in a PKI?
A. Transparent renewal of user keys B. Easy distribution of the certificates between the users C. Fast hardware encryption of the raw data D. Tamper resistant, mobile storage and application of private keys of the users.
Tamper-resistant microprocessors are used to store and process private or sensitive information,
such as private keys or electronic money credit. To prevent an attacker from retrieving or
modifying the information, the chips are designed so that the information is not accessible through
external means and can be accessed only by the embedded software, which should contain the
appropriate security measures.
Examples of tamper-resistant chips include all secure cryptoprocessors, such as the IBM 4758
and chips used in smartcards, as well as the Clipper chip.
It has been argued that it is very difficult to make simple electronic devices secure against
tampering, because numerous attacks are possible, including:
physical attack of various forms (microprobing, drills, files, solvents, etc.)
freezing the device
applying out-of-spec voltages or power surges
applying unusual clock signals
inducing software errors using radiation
measuring the precise time and power requirements of certain operations (see power analysis)
Tamper-resistant chips may be designed to zeroise their sensitive data (especially cryptographic
keys) if they detect penetration of their security encapsulation or out-of-specification environmental
parameters. A chip may even be rated for "cold zeroisation", the ability to zeroise itself even after
its power supply has been crippled.
Nevertheless, the fact that an attacker may have the device in his possession for as long as he
likes, and perhaps obtain numerous other samples for testing and practice, means that it is
practically impossible to totally eliminate tampering by a sufficiently motivated opponent. Because
of this, one of the most important elements in protecting a system is overall system design. In
particular, tamper-resistant systems should "fail gracefully" by ensuring that compromise of one
device does not compromise the entire system. In this manner, the attacker can be practically
restricted to attacks that cost less than the expected return from compromising a single device
(plus, perhaps, a little more for kudos). Since the most sophisticated attacks have been estimated
to cost several hundred thousand dollars to carry out, carefully designed systems may be
invulnerable in practice.
Question # 68
What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public key certificate?
A. A public-key certificate B. An attribute certificate C. A digital certificate D. A descriptive certificate
Answer: B
Explanation:
The Internet Security Glossary (RFC2828) defines an attribute certificate as a digital certificate
that binds a set of descriptive data items, other than a public key, either directly to a subject name
or to the identifier of another certificate that is a public-key certificate. A public-key certificate binds
a subject name to a public key value, along with information needed to perform certain
cryptographic functions. Other attributes of a subject, such as a security clearance, may be
certified in a separate kind of digital certificate, called an attribute certificate. A subject may have
multiple attribute certificates associated with its name or with each of its public-key certificates.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
Question # 69
Which of the following binds a subject name to a public key value?
A. A public-key certificate B. A public key infrastructure C. A secret key infrastructure D. A private key certificate
Answer: A
Explanation:
Remember the term Public-Key Certificate is synonymous with Digital Certificate or Identity
certificate.
The certificate itself provides the binding but it is the certificate authority who will go through the
Certificate Practice Statements (CPS) actually validating the bindings and vouch for the identity of
the owner of the key within the certificate.
As explained in Wikipedia:
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is
an electronic document which uses a digital signature to bind together a public key with an identity
— information such as the name of a person or an organization, their address, and so forth. The
certificate can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority
(CA). In a web of trust scheme such as PGP or GPG, the signature is of either the user (a self-signed certificate) or other users ("endorsements") by getting people to sign each other's keys. In
either case, the signatures on a certificate are attestations by the certificate signer that the identity
information and the public key belong together.
RFC 2828 defines the certification authority (CA) as:
An entity that issues digital certificates (especially X.509 certificates) and vouches for the binding
between the data items in a certificate.
An authority trusted by one or more users to create and assign certificates. Optionally, the
certification authority may create the user's keys.
X509 Certificate users depend on the validity of information provided by a certificate. Thus, a CA
should be someone that certificate users trust, and usually holds an official position created and
granted power by a government, a corporation, or some other organization. A CA is responsible
for managing the life cycle of certificates and, depending on the type of certificate and the CPS
that applies, may be responsible for the life cycle of key pairs associated with the certificates.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
What attribute is included in a X.509-certificate?
A. Distinguished name of the subject B. Telephone number of the department C. secret key of the issuing CA D. the key pair of the certificate holder
Answer: A
Explanation:
RFC 2459 : Internet X.509 Public Key Infrastructure Certificate and CRL Profile; GUTMANN, P.,
X.509 style guide; SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.
Question # 71
What is the name of the protocol used to set up and manage Security Associations (SA) for IP Security (IPSec)?
A. Internet Key Exchange (IKE) B. Secure Key Exchange Mechanism C. Oakley D. Internet Security Association and Key Management Protocol
Answer: A
Explanation:
The key management for IPSec is called the Internet Key Exchange (IKE).
Note: IKE underwent a series of improvements establishing IKEv2 with RFC 4306. The basis of
this answer is IKEv2.
The IKE protocol is a hybrid of three other protocols: ISAKMP (Internet Security Association and
Key Management Protocol), Oakley and SKEME. ISAKMP provides a framework for
authentication and key exchange, but does not define them (neither authentication nor key
exchange). The Oakley protocol describes a series of modes for key exchange and the SKEME
protocol defines key exchange techniques.
IKE—Internet Key Exchange. A hybrid protocol that implements Oakley and Skeme key
exchanges inside the ISAKMP framework. IKE can be used with other protocols, but its initial
implementation is with the IPSec protocol. IKE provides authentication of the IPSec peers,
negotiates IPSec keys, and negotiates IPSec security associations.
IKE is implemented in accordance with RFC 2409, The Internet Key Exchange.
The Internet Key Exchange (IKE) security protocol is a key management protocol standard that is
used in conjunction with the IPSec standard. IPSec can be configured without IKE, but IKE
enhances IPSec by providing additional features, flexibility, and ease of configuration for the IPSec
standard.
IKE is a hybrid protocol that implements the Oakley key exchange and the SKEME key exchange
inside the Internet Security Association and Key Management Protocol (ISAKMP) framework.
(ISAKMP, Oakley, and SKEME are security protocols implemented by IKE.)
IKE automatically negotiates IPSec security associations (SAs) and enables IPSec secure
communications without costly manual preconfiguration. Specifically, IKE provides these benefits:
• Eliminates the need to manually specify all the IPSec security parameters in the crypto maps at
both peers.
• Allows you to specify a lifetime for the IPSec security association.
• Allows encryption keys to change during IPSec sessions.
• Allows IPSec to provide anti-replay services.
• Permits certification authority (CA) support for a manageable, scalable IPSec implementation.
• Allows dynamic authentication of peers.
About ISAKMP
The Internet Security Association and Key Management Protocol (ISAKMP) is a framework that
defines the phases for establishing a secure relationship and supports negotiation of security
attributes. It does not establish session keys by itself; it is used along with the Oakley session key
establishment protocol. The Secure Key Exchange Mechanism (SKEME) describes a secure
exchange mechanism and Oakley defines the modes of operation needed to establish a secure
connection.
ISAKMP provides a framework for Internet key management and provides the specific protocol
support for negotiation of security attributes. Alone, it does not establish session keys. However it
can be used with various session key establishment protocols, such as Oakley, to provide a
complete solution to Internet key management.
About Oakley
The Oakley protocol uses a hybrid Diffie-Hellman technique to establish session keys on Internet
hosts and routers. Oakley provides the important security property of Perfect Forward Secrecy
(PFS) and is based on cryptographic techniques that have survived substantial public scrutiny.
Oakley can be used by itself, if no attribute negotiation is needed, or Oakley can be used in
conjunction with ISAKMP. When ISAKMP is used with Oakley, key escrow is not feasible.
The ISAKMP and Oakley protocols have been combined into a hybrid protocol. The resolution of
ISAKMP with Oakley uses the framework of ISAKMP to support a subset of Oakley key exchange
modes. This new key exchange protocol provides optional PFS, full security association attribute
negotiation, and authentication methods that provide both repudiation and non-repudiation.
Implementations of this protocol can be used to establish VPNs and also allow for users from
remote sites (who may have a dynamically allocated IP address) access to a secure network.
About IPSec
The IETF's IPSec Working Group develops standards for IP-layer security mechanisms for both
IPv4 and IPv6. The group also is developing generic key management protocols for use on the
Internet. For more information, refer to the IP Security and Encryption Overview.
IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF)
that provides security for transmission of sensitive information over unprotected networks such as
the Internet. It acts at the network level and implements the following standards:
IPSec
Internet Key Exchange (IKE)
Data Encryption Standard (DES)
MD5 (HMAC variant)
SHA (HMAC variant)
Authentication Header (AH)
Encapsulating Security Payload (ESP)
IPSec services provide a robust security solution that is standards-based. IPSec also provides
data authentication and anti-replay services in addition to data confidentiality services.
For more information regarding IPSec, refer to the chapter "Configuring IPSec Network Security."
About SKEME
SKEME constitutes a compact protocol that supports a variety of realistic scenarios and security
models over the Internet. It provides clear tradeoffs between security and performance as required by
the different scenarios without incurring unnecessary system complexity. The protocol supports
key exchange based on public key, key distribution centers, or manual installation, and provides
for fast and secure key refreshment. In addition, SKEME selectively provides perfect forward
secrecy, allows for replaceability and negotiation of the underlying cryptographic primitives, and
addresses privacy issues such as anonymity and repudiatability.
SKEME's basic mode is based on the use of public keys and a Diffie-Hellman shared secret
generation.
However, SKEME is not restricted to the use of public keys, but also allows the use of a preshared key. This key can be obtained by manual distribution or by the intermediary of a key
distribution center (KDC) such as Kerberos.
In short, SKEME contains four distinct modes:
Basic mode, which provides a key exchange based on public keys and ensures PFS thanks to
Diffie-Hellman.
A key exchange based on the use of public keys, but without Diffie-Hellman.
A key exchange based on the use of a pre-shared key and on Diffie-Hellman.
A mechanism of fast rekeying based only on symmetrical algorithms.
In addition, SKEME is composed of three phases: SHARE, EXCH and AUTH.
During the SHARE phase, the peers exchange half-keys, encrypted with their respective public
keys. These two half-keys are used to compute a secret key K. If anonymity is wanted, the
identities of the two peers are also encrypted. If a shared secret already exists, this phase is
skipped.
The exchange phase (EXCH) is used, depending on the selected mode, to exchange either
Diffie-Hellman public values or nonces. The Diffie-Hellman shared secret will only be computed after the
end of the exchanges.
The public values or nonces are authenticated during the authentication phase (AUTH), using the
secret key established during the SHARE phase.
The messages from these three phases do not necessarily follow the order described above; in
actual practice they are combined to minimize the number of exchanged messages.
References used for this question:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 172).
Virus scanning and content inspection of SMIME encrypted e-mail without doing any further processing is:
A. Not possible B. Only possible with key recovery scheme of all user keys C. It is possible only if X509 Version 3 certificates are used D. It is possible only by "brute force" decryption
Answer: A
Explanation:
Content security measures presume that the content is available in cleartext on the central mail
server.
Encrypted emails have to be decrypted before they can be filtered (e.g. to detect viruses), so you
need the decryption key on the central "crypto mail server".
There are several ways to handle such key management, e.g. by message or key recovery methods.
However, that would certainly require further processing in order to achieve such a goal.
Question # 73
What is the main problem of the renewal of a root CA certificate?
A. It requires key recovery of all end user keys B. It requires the authentic distribution of the new root CA certificate to all PKI participants C. It requires the collection of the old root CA certificates from all the users D. It requires issuance of the new root CA certificate
Answer: B
Explanation:
The main task here is the authentic distribution of the new root CA certificate as new trust anchor
to all the PKI participants (e.g. the users).
In some of the rollover scenarios there is no automatic way; often explicit assignment of trust from
each user is needed, which could be very costly.
Other methods make use of the old root CA certificate for automatic trust establishment (see
PKIX-reference), but these solutions work well only for scenarios with currently valid root CA
certificates (and not for emergency cases, e.g. compromise of the current root CA certificate).
The rollover of the root CA certificate is a specific and delicate problem and is therefore often
ignored during PKI deployment.
Reference: Camphausen, I.; Petersen, H.; Stark, C.: Konzepte zum Root CA Zertifikatswechsel,
conference Enterprise Security 2002, March 26-27, 2002, Paderborn; RFC 2459 : Internet X.509
Public Key Infrastructure Certificate and CRL Profile.
Question # 74
Which of the following statements pertaining to Secure Sockets Layer (SSL) is false?
A. The SSL protocol was developed by Netscape to secure Internet client-server transactions. B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates. C. Web pages using the SSL protocol start with HTTPS D. SSL can be used with applications such as Telnet, FTP and email protocols.
Answer: B
Explanation:
All of these statements pertaining to SSL are true except that its primary use is to authenticate
the client to the server using public key cryptography and digital certificates. It is the opposite: its
primary use is to authenticate the server to the client.
The following reference(s) were used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.
Question # 76
Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission?
A. Secure Electronic Transaction (SET) B. Message Authentication Code (MAC) C. Cyclic Redundancy Check (CRC) D. Secure Hash Standard (SHS)
Answer: B
Explanation:
In order to protect against fraud in electronic fund transfers (EFT), the Message Authentication
Code (MAC), ANSI X9.9, was developed. The MAC is a check value, which is derived from the
contents of the message itself, that is sensitive to the bit changes in a message. It is similar to a
Cyclic Redundancy Check (CRC).
The aim of message authentication in computer and communication systems is to verify that the
message comes from its claimed originator and that it has not been altered in transmission. It is
particularly needed for EFT (Electronic Funds Transfer). The protection mechanism is generation of
a Message Authentication Code (MAC), attached to the message, which can be recalculated by
the receiver and will reveal any alteration in transit. One standard method is described in (ANSI,
X9.9). Message authentication mechanisms can also be used to achieve non-repudiation of
messages.
The Secure Electronic Transaction (SET) was developed by a consortium including MasterCard
and VISA as a means of preventing fraud from occurring during electronic payment.
The Secure Hash Standard (SHS), NIST FIPS 180, available at
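The explanation above compares a MAC to a CRC; the difference that matters for EFT is the secret key. The following is an added example, not part of the original material: it uses HMAC-SHA-256 from the Python standard library as a stand-in for the DES-based MAC of ANSI X9.9, and the messages and keys are constructed sample values.

```python
import hashlib
import hmac
import zlib

# Constructed sample data: a transfer instruction and a key known only to
# the sending and receiving institutions.
SHARED_KEY = b"constructed-demo-key"
ORIGINAL = b"TRANSFER 100.00 FROM 1111 TO 2222"
ALTERED = b"TRANSFER 900.00 FROM 1111 TO 9999"


def crc_value(message: bytes) -> int:
    """Unkeyed check value: anyone holding the message can compute it."""
    return zlib.crc32(message)


def mac_value(key: bytes, message: bytes) -> bytes:
    """Keyed check value (HMAC-SHA-256 standing in for the X9.9 MAC)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_crc(message: bytes, check: int) -> bool:
    return zlib.crc32(message) == check


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest does a constant-time comparison of the two tags.
    return hmac.compare_digest(mac_value(key, message), tag)


def compare_protections() -> dict:
    """Run the receiver's check for each transmission scenario."""
    results = {}

    # 1. Message arrives unchanged: both mechanisms accept it.
    results["crc_original"] = verify_crc(ORIGINAL, crc_value(ORIGINAL))
    results["mac_original"] = verify_mac(
        SHARED_KEY, ORIGINAL, mac_value(SHARED_KEY, ORIGINAL))

    # 2. Message altered in transit, original check value left in place:
    #    both mechanisms reveal the alteration.
    results["crc_altered_stale"] = verify_crc(ALTERED, crc_value(ORIGINAL))
    results["mac_altered_stale"] = verify_mac(
        SHARED_KEY, ALTERED, mac_value(SHARED_KEY, ORIGINAL))

    # 3. Message altered and the check value recomputed by a party that
    #    does not hold the shared key. The CRC needs no key, so the
    #    receiver accepts it; the MAC computed under any other key fails.
    results["crc_altered_recomputed"] = verify_crc(ALTERED, crc_value(ALTERED))
    results["mac_altered_recomputed"] = verify_mac(
        SHARED_KEY, ALTERED, mac_value(b"not-the-shared-key", ALTERED))
    return results


if __name__ == "__main__":
    for scenario, accepted in compare_protections().items():
        print(f"{scenario:26s} accepted={accepted}")
```

Only scenario 3 separates the two: a CRC detects accidental change, while origin authentication depends on a check value that cannot be produced without the key.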
A. Creating trust between different PKIs B. Build an overall PKI hierarchy C. set up direct trust to a second root CA D. Prevent the nullification of user certificates by CA certificate revocation
Answer: A
Explanation:
More and more organizations are setting up their own internal PKIs. When these independent
PKIs need to interconnect to allow for secure communication to take place (either between
departments or different companies), there must be a way for the two root CAs to trust each other.
These two CAs do not have a CA above them they can both trust, so they must carry out cross
certification. A cross certification is the process undertaken by CAs to establish a trust relationship
in which they rely upon each other's digital certificates and public keys as if they had issued them
themselves.
When this is set up, a CA for one company can validate digital certificates from the other company
and vice versa.
Reference(s) used for this question:
For more information and illustration on Cross certification:
Shon Harris, CISSP All in one book, 4th Edition, Page 727
and
RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile; FORD, Warwick &
BAUM, Michael S., Secure Electronic Commerce: Building the Infrastructure for Digital Signatures
and Encryption (2nd Edition), 2000, Prentice Hall PTR, Page 254.
Question # 78
Which of the following elements is NOT included in a Public Key Infrastructure (PKI)?
A. Timestamping B. Repository C. Certificate revocation D. Internet Key Exchange (IKE)
Answer: D
Explanation:
Other elements are included in a PKI.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 165).
Question # 79
In a hierarchical PKI the highest CA is regularly called Root CA. It is also referred to by which one of the following terms?
A. Subordinate CA B. Top Level CA C. Big CA D. Master CA
Answer: B
Reference: Arsenault, Turner, Internet X.509 Public Key Infrastructure: Roadmap, Chapter
"Terminology".
Also note that sometimes other terms such as Certification Authority Anchor (CAA) might be used
within some government organizations. Top Level CA is another common term to indicate the top
level CA; Top Level Anchor could also be used.
Question # 80
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?
A. Differential cryptanalysis B. Differential linear cryptanalysis C. Birthday attack D. Statistical attack
Answer: C
Explanation:
A Birthday attack is usually applied to the probability of two different messages using the same
hash function producing a common message digest.
The term "birthday" comes from the fact that in a room with 23 people, the probability of two or
more people having the same birthday is greater than 50%.
Linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to
the action of a cipher. Attacks have been developed for block ciphers and stream ciphers. Linear
cryptanalysis is one of the two most widely used attacks on block ciphers; the other being
differential cryptanalysis.
Differential Cryptanalysis is a potent cryptanalytic technique introduced by Biham and Shamir.
Differential cryptanalysis is designed for the study and attack of DES-like cryptosystems. A
DES-like cryptosystem is an iterated cryptosystem which relies on conventional cryptographic
techniques such as substitution and diffusion.
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers,
but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study
of how differences in an input can affect the resultant difference at the output. In the case of a
block cipher, it refers to a set of techniques for tracing differences through the network of
transformations, discovering where the cipher exhibits non-random behaviour, and exploiting such
properties to recover the secret key.
Source:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
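The birthday figure quoted above generalizes to any digest size: a collision becomes likely after roughly the square root of the number of possible digests, which is why digest length is chosen so that 2^(n/2) hash computations are out of reach. This is an added example, not part of the original material; it computes the exact probability and then checks it empirically against SHA-256 truncated to 16 bits, a deliberately tiny digest used here only for illustration, with constructed messages.

```python
import hashlib
from itertools import count


def collision_probability(samples: int, space: int) -> float:
    """Exact probability that at least two of `samples` uniformly random
    values drawn from `space` possibilities are equal."""
    if samples > space:
        return 1.0
    p_all_distinct = 1.0
    for i in range(samples):
        p_all_distinct *= (space - i) / space
    return 1.0 - p_all_distinct


def samples_for_probability(space: int, target: float = 0.5) -> int:
    """Smallest number of samples whose collision probability >= target."""
    p_all_distinct = 1.0
    for k in count(1):
        p_all_distinct *= (space - (k - 1)) / space
        if 1.0 - p_all_distinct >= target:
            return k


def truncated_digest(message: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, modelling a short message digest."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def first_collision(bits: int):
    """Hash constructed messages until two share a truncated digest.
    Returns (message_a, message_b, number_of_messages_hashed)."""
    seen = {}
    for n in count():
        message = b"constructed-message-%d" % n
        digest = truncated_digest(message, bits)
        if digest in seen:
            return seen[digest], message, n + 1
        seen[digest] = message


if __name__ == "__main__":
    print("23 people, 365 days:", round(collision_probability(23, 365), 4))
    for bits in (16, 32, 64):
        # Rule of thumb: about 1.18 * 2^(bits/2) samples for a 50% chance.
        print(f"{bits}-bit digest: ~{1.1774 * 2 ** (bits / 2):.0f} messages")
    a, b, hashed = first_collision(16)
    print(f"16-bit collision after {hashed} messages: {a!r} / {b!r}")
```

For a 160-bit digest such as SHA-1 the same rule of thumb gives about 2^80 messages, not 2^160, which is the number to compare against an adversary's computing budget.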
Which of the following statements pertaining to message digests is incorrect?
A. The original file cannot be created from the message digest. B. Two different files should not have the same message digest. C. The message digest should be calculated using at least 128 bytes of the file. D. Message digests are usually of fixed size.
Answer: C
Explanation:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 160).
Question # 82
Which of the following encryption algorithms does not deal with discrete logarithms?
A. El Gamal B. Diffie-Hellman C. RSA D. Elliptic Curve
Answer: C
Explanation:
The security of the RSA system is based on the assumption that factoring the product into two
original large prime numbers is difficult.
Source:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Shon Harris, CISSP All-in-One Exam Guide, Third Edition, McGraw-Hill Companies, August
2005, Chapter 8: Cryptography, Page 636 - 639
Question # 83
What is NOT true with pre shared key authentication within IKE / IPsec protocol?
A. Pre shared key authentication is normally based on simple passwords B. Needs a Public Key Infrastructure (PKI) to work C. IKE is used to setup Security Associations D. IKE builds upon the Oakley protocol and the ISAKMP protocol.
Answer: B
Explanation:
Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in
the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509
certificates for authentication which are either pre-shared or distributed using DNS (preferably with
DNSSEC) and a Diffie–Hellman key exchange to set up a shared session secret from which
cryptographic keys are derived.
Internet Key Exchange (IKE) Internet key exchange allows communicating partners to prove their
identity to each other and establish a secure communication channel, and is applied as an
authentication component of IPSec.
IKE uses two phases:
Phase 1: In this phase, the partners authenticate with each other, using one of the following:
Shared Secret: A key that is exchanged by humans via telephone, fax, encrypted e-mail, etc.
Public Key Encryption: Digital certificates are exchanged.
Revised mode of Public Key Encryption: To reduce the overhead of public key encryption, a nonce
(a Cryptographic function that refers to a number or bit string used only once, in security
engineering) is encrypted with the communicating partner’s public key, and the peer’s identity is
encrypted with symmetric encryption using the nonce as the key.
Next, IKE establishes a temporary security association and secure tunnel to protect the rest of
the key exchange.
Phase 2: The peers’ security associations are established, using the secure tunnel and temporary SA
created at the end of phase 1.
The following reference(s) were used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition
Cryptography does not concern itself with which of the following choices?
A. Availability B. Integrity C. Confidentiality D. Validation
Answer: D
Explanation:
The cryptography domain addresses the principles, means, and methods of disguising information
to ensure its integrity, confidentiality, and authenticity. Unlike the other domains, cryptography
does not completely support the standard of availability.
Availability
Cryptography supports all three of the core principles of information security. Many access control
systems use cryptography to limit access to systems through the use of passwords. Many
token-based authentication systems use cryptographic-based hash algorithms to compute one-time
passwords. Denying unauthorized access prevents an attacker from entering and damaging the
system or network, thereby denying access to authorized users if they damage or corrupt the data.
Confidentiality
Cryptography provides confidentiality through altering or hiding a message so that ideally it cannot
be understood by anyone except the intended recipient.
Integrity
Cryptographic tools provide integrity checks that allow a recipient to verify that a message has not
been altered. Cryptographic tools cannot prevent a message from being altered, but they are
effective to detect either intentional or accidental modification of the message.
Additional Features of Cryptographic Systems
In addition to the three core principles of
information security listed above, cryptographic tools provide several more benefits.
Nonrepudiation
In a trusted environment, the authentication of the origin can be provided through the simple
control of the keys. The receiver has a level of assurance that the message was encrypted by the
sender, and the sender has trust that the message was not altered once it was received. However,
in a more stringent, less trustworthy environment, it may be necessary to provide assurance via a
third party of who sent a message and that the message was indeed delivered to the right
recipient. This is accomplished through the use of digital signatures and public key encryption. The
use of these tools provides a level of nonrepudiation of origin that can be verified by a third party.
Once a message has been received, what is to prevent the recipient from changing the message
and contesting that the altered message was the one sent by the sender? The nonrepudiation of
delivery prevents a recipient from changing the message and falsely claiming that the message is
in its original state. This is also accomplished through the use of public key cryptography and
digital signatures and is verifiable by a trusted third party.
Authentication
Authentication is the ability to determine if someone or something is what it declares to be. This is
primarily done through the control of the keys, because only those with access to the key are able
to encrypt a message. This is not as strong as the nonrepudiation of origin, which will be reviewed
shortly. Cryptographic functions use several methods to ensure that a message has not been
changed or altered. These include hash functions, digital signatures, and message authentication
codes (MACs). The main concept is that the recipient is able to detect any change that has been
made to a message, whether accidentally or intentionally.
Access Control
Through the use of cryptographic tools, many forms of access control are supported—from log-ins
via passwords and passphrases to the prevention of access to confidential files or messages. In
all cases, access would only be possible for those individuals that had access to the correct
cryptographic keys.
NOTE FROM CLEMENT:
As you have seen this question was very recently updated with the latest content of the Official
ISC2 Guide (OIG) to the CISSP CBK, Version 3.
Myself, I agree with most of you that cryptography does not help on the availability side and it is
even the contrary sometimes if you lose the key for example. In such a case you would lose
access to the data and negatively impact availability. But the ISC2 is not about what I think or what
you think, they have their own view of the world where they claim and state clearly that
cryptography does address availability even though it does not fully address it.
They look at crypto as the ever-encompassing tool it has become today, where it can be used for
authentication purposes, for example, where it would help to avoid corruption of the data through
illegal access by an unauthorized user.
The question is worded this way on purpose, it is VERY specific to the CISSP exam context where
ISC2 preaches that cryptography addresses availability even though they state it does not fully address
it. This is something new in the last edition of their book and something you must be aware of.
Best regards
Clement
The following terms are from the Software Development Security domain:
Validation: The assurance that a product, service, or system meets the needs of the customer and
other identified stakeholders. It often involves acceptance and suitability with external customers.
Contrast with verification below.
Verification: The evaluation of whether or not a product, service, or system complies with a
regulation, requirement, specification, or imposed condition. It is often an internal process.
Contrast with validation.
The terms above are from the Software Development Security Domain.
Reference(s) used for this question:
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition :
Which of the following statements pertaining to link encryption is false?
A. It encrypts all the data along a specific communication path. B. It provides protection against packet sniffers and eavesdroppers. C. Information stays encrypted from one end of its journey to the other. D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.
Answer: C
Explanation:
When using link encryption, packets have to be decrypted at each hop and encrypted again.
Information staying encrypted from one end of its journey to the other is a characteristic of
end-to-end encryption, not link encryption.
Link Encryption vs. End-to-End Encryption
Link encryption encrypts the entire packet, including headers and trailers, and has to be decrypted
at each hop.
End-to-end encryption does not encrypt the IP Protocol headers, and therefore does not need to
be decrypted at each hop.
Reference: All in one, Page 735 & Glossary
and
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 6).
Question # 87
Which of the following statements pertaining to key management is incorrect?
A. The more a key is used, the shorter its lifetime should be. B. When not using the full keyspace, the key should be extremely random. C. Keys should be backed up or escrowed in case of emergencies. D. A key's lifetime should correspond with the sensitivity of the data it is protecting.
Answer: B
Explanation:
A key should always be using the full spectrum of the keyspace and be extremely random. Other
statements are correct.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 6).
Question # 88
Which of the following is not a one-way hashing algorithm?
A. MD2 B. RC4 C. SHA-1 D. HAVAL
Answer: B
Explanation:
RC4 was designed by Ron Rivest of RSA Security in 1987. While it is officially termed "Rivest
Cipher 4", the RC acronym is alternatively understood to stand for "Ron's Code" (see also RC2,
RC5 and RC6).
RC4 was initially a trade secret, but in September 1994 a description of it was anonymously
posted to the Cypherpunks mailing list. It was soon posted on the sci.crypt newsgroup, and from
there to many sites on the Internet. The leaked code was confirmed to be genuine as its output
was found to match that of proprietary software using licensed RC4. Because the algorithm is
known, it is no longer a trade secret. The name RC4 is trademarked, so RC4 is often referred to
as ARCFOUR or ARC4 (meaning alleged RC4) to avoid trademark problems. RSA Security has
never officially released the algorithm; Rivest has, however, linked to the English Wikipedia article
on RC4 in his own course notes. RC4 has become part of some commonly used encryption
protocols and standards, including WEP and WPA for wireless cards and TLS.
The main factors in RC4's success over such a wide range of applications are its speed and
simplicity: efficient implementations in both software and hardware are very easy to develop.
The following answers were not correct choices:
SHA-1 is a one-way hashing algorithm. SHA-1 is a cryptographic hash function designed by the
United States National Security Agency and published by the United States NIST as a U.S.
Federal Information Processing Standard. SHA stands for "secure hash algorithm".
The three SHA algorithms are structured differently and are distinguished as SHA-0, SHA-1, and
SHA-2. SHA-1 is very similar to SHA-0, but corrects an error in the original SHA hash specification
that led to significant weaknesses. The SHA-0 algorithm was not adopted by many applications.
SHA-2 on the other hand significantly differs from the SHA-1 hash function.
SHA-1 is the most widely used of the existing SHA hash functions, and is employed in several
widely used security applications and protocols. In 2005, security flaws were identified in SHA-1,
namely that a mathematical weakness might exist, indicating that a stronger hash function would
be desirable. Although no successful attacks have yet been reported on the SHA-2 variants, they
are algorithmically similar to SHA-1 and so efforts are underway to develop improved alternatives.
A new hash standard, SHA-3, is currently under development — an ongoing NIST hash function
competition is scheduled to end with the selection of a winning function in 2012.
SHA-1 produces a 160-bit message digest based on principles similar to those used by Ronald L.
Rivest of MIT in the design of the MD4 and MD5 message digest algorithms, but has a more
conservative design.
MD2 is a one-way hashing algorithm. The MD2 Message-Digest Algorithm is a cryptographic
hash function developed by Ronald Rivest in 1989. The algorithm is optimized for 8-bit computers.
MD2 is specified in RFC 1319. Although MD2 is no longer considered secure, even as of 2010 it
remains in use in public key infrastructures as part of certificates generated with MD2 and RSA.
HAVAL is a one-way hashing algorithm. HAVAL is a cryptographic hash function. Unlike MD5, but
like most modern cryptographic hash functions, HAVAL can produce hashes of different lengths.
HAVAL can produce hashes in lengths of 128 bits, 160 bits, 192 bits, 224 bits, and 256 bits.
HAVAL also allows users to specify the number of rounds (3, 4, or 5) to be used to generate the
hash.
The following reference(s) were used for this question:
SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
A. Confidentiality B. Availability C. Integrity D. Authentication
Answer: C
Explanation:
A one-way hash is a function that takes a variable-length string, a message, and compresses and
transforms it into a fixed-length value referred to as a hash value. It provides integrity, but no
confidentiality, availability or authentication.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 5).
Question # 91
PGP uses which of the following to encrypt data?
A. An asymmetric encryption algorithm B. A symmetric encryption algorithm C. A symmetric key distribution system D. An X.509 digital certificate
Answer: B
Explanation:
Notice that the question specifically asks what PGP uses to encrypt. For this, PGP uses a
symmetric key algorithm. PGP then uses an asymmetric key algorithm to encrypt the session key
and then send it securely to the receiver. It is a hybrid system where both types of ciphers are
being used for different purposes.
Whenever a question talks about the bulk of the data to be sent, Symmetric is always the best
choice to use because of the inherent speed within Symmetric Ciphers. Asymmetric ciphers are
100 to 1000 times slower than Symmetric Ciphers.
The other answers are not correct because:
"An asymmetric encryption algorithm" is incorrect because PGP uses a symmetric algorithm to
encrypt data.
"A symmetric key distribution system" is incorrect because PGP uses an asymmetric algorithm for
the distribution of the session keys used for the bulk of the data.
"An X.509 digital certificate" is incorrect because PGP does not use X.509 digital certificates to
encrypt the data, it uses a session key to encrypt the data.
References:
Official ISC2 Guide page: 275
All in One Third Edition page: 664 - 665
Question # 92
The Diffie-Hellman algorithm is used for:
A. Encryption B. Digital signature C. Key agreement D. Non-repudiation
Answer: C
Explanation:
The Diffie-Hellman algorithm is used for Key agreement (key distribution) and cannot be used to
encrypt and decrypt messages.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 4).
Note: key agreement is different from key exchange, the functionality used by the other
asymmetric algorithms.
References:
AIO, third edition Cryptography (Page 632)
AIO, fourth edition Cryptography (Page 709)
Question # 93
The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?
A. 64 bits of data input results in 56 bits of encrypted output B. 128 bit key with 8 bits used for parity C. 64 bit blocks with a 64 bit total key length D. 56 bits of data input results in 56 bits of encrypted output
Answer: C
Explanation:
DES works with 64 bit blocks of text using a 64 bit key (with 8 bits used for parity, so the effective
key length is 56 bits).
Some people are getting the Key Size and the Block Size mixed up. The block size is usually a
specific length. For example DES uses block size of 64 bits which results in 64 bits of encrypted
data for each block. AES uses a block size of 128 bits, the block size on AES can only be 128 as
per the published standard FIPS-197.
A DES key consists of 64 binary digits ("0"s or "1"s) of which 56 bits are randomly generated and
used directly by the algorithm. The other 8 bits, which are not used by the algorithm, may be used
for error detection. The 8 error detecting bits are set to make the parity of each 8-bit byte of the
key odd, i.e., there is an odd number of "1"s in each 8-bit byte. Authorized users of encrypted
computer data must have the key that was used to encipher the data in order to decrypt it.
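The 64-bit versus 56-bit distinction described above, as an added example that is not part of the original explanation. The function names and the sample key bytes are constructed for illustration; the parity bit is taken to be the least significant bit of each key byte.

```python
"""DES key layout: 64 bits stored, 56 bits used, 8 odd-parity bits."""


def count_ones(byte: int) -> int:
    """Number of 1 bits in a single byte."""
    return bin(byte).count("1")


def set_odd_parity(key: bytes) -> bytes:
    """Return the key with each byte's low bit set so the byte has odd parity."""
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")
    fixed = bytearray()
    for byte in key:
        key_bits = byte & 0xFE                      # the 7 bits the algorithm uses
        parity_bit = 0 if count_ones(key_bits) % 2 == 1 else 1
        fixed.append(key_bits | parity_bit)
    return bytes(fixed)


def has_odd_parity(key: bytes) -> bool:
    """True when every byte of an 8-byte key holds an odd number of 1 bits."""
    return len(key) == 8 and all(count_ones(b) % 2 == 1 for b in key)


def effective_key(key: bytes) -> int:
    """Drop the 8 parity bits and pack the remaining 56 key bits into an integer."""
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")
    value = 0
    for byte in key:
        value = (value << 7) | (byte >> 1)
    return value


if __name__ == "__main__":
    raw = bytes.fromhex("0022446688aaccee")         # constructed sample key bytes
    key = set_odd_parity(raw)
    print("stored key (64 bits):", key.hex())
    print("parity valid:", has_odd_parity(key))
    print("effective key bits:", effective_key(key).bit_length(), "of at most 56")
    # A single flipped bit in storage or transit is caught by the parity check.
    damaged = bytes([key[0] ^ 0x10]) + key[1:]
    print("damaged key passes parity:", has_odd_parity(damaged))
```

Two stored keys that differ only in their parity bits select the same 56-bit key, which is why the effective key length is 56 bits.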
IN CONTRAST WITH AES
The input and output for the AES algorithm each consist of sequences of 128 bits (digits with
values of 0 or 1). These sequences will sometimes be referred to as blocks and the number of bits
they contain will be referred to as their length. The Cipher Key for the AES algorithm is a
sequence of 128, 192 or 256 bits. Other input, output and Cipher Key lengths are not permitted by
this standard.
The Advanced Encryption Standard (AES) specifies the Rijndael algorithm, a symmetric block
cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and
256 bits. Rijndael was designed to handle additional block sizes and key lengths, however they
are not adopted in the AES standard.
The AES algorithm may be used with the three different key lengths indicated above, and
therefore these different “flavors” may be referred to as “AES-128”, “AES-192”, and “AES-256”.
The other answers are not correct because:
"64 bits of data input results in 56 bits of encrypted output" is incorrect because while DES does
work with 64 bit block input, it results in 64 bit blocks of encrypted output.
"128 bit key with 8 bits used for parity" is incorrect because DES does not ever use a 128 bit key.
"56 bits of data input results in 56 bits of encrypted output" is incorrect because DES always works
with 64 bit blocks of input/output, not 56 bits.
Reference(s) used for this question:
Official ISC2 Guide to the CISSP CBK, Second Edition, page: 336-343
Which of the following is not an example of a block cipher?
A. Skipjack B. IDEA C. Blowfish D. RC4
Answer: D
Explanation:
RC4 is a proprietary, variable-key-length stream cipher invented by Ron Rivest for RSA Data
Security, Inc. Skipjack, IDEA and Blowfish are examples of block ciphers.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
Question # 95
What is the key size of the International Data Encryption Algorithm (IDEA)?
A. 64 bits B. 128 bits C. 160 bits D. 192 bits
Answer: B
Explanation:
The International Data Encryption Algorithm (IDEA) is a block cipher that operates on 64 bit blocks
of data with a 128-bit key. The data blocks are divided into 16 smaller blocks and each has eight
rounds of mathematical functions performed on it. It is used in the PGP encryption software.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 3).
Question # 96
Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?
A. The use of good key generators. B. The use of session keys. C. Nothing can defend you against a brute force crypto key attack. D. Algorithms that are immune to brute force key attacks.
Answer: B
Explanation:
If we assume a crypto-system with a large key (and therefore a large key space), a brute force
attack will likely take a good deal of time - anywhere from several hours to several years
depending on a number of variables. If you use a session key for each message you encrypt, then
the brute force attack provides the attacker with only the key for that one message. So, if you are
encrypting 10 messages a day, each with a different session key, but it takes me a month to break
each session key, then I am fighting a losing battle.
The other answers are not correct because:
"The use of good key generators" is not correct because a brute force key attack will eventually
run through all possible combinations of key. Therefore, any key will eventually be broken in this
manner given enough time.
"Nothing can defend you against a brute force crypto key attack" is incorrect, and not the best
answer listed. While it is technically true that any key will eventually be broken by a brute force
attack, the question remains "how long will it take?". In other words, if you encrypt something
today but I can't read it for 10,000 years, will you still care? If the key is changed every session
does it matter if it can be broken after the session has ended? Of the answers listed here, session
keys are "often considered a good protection against the brute force cryptography attack" as the
question asks.
"Algorithms that are immune to brute force key attacks" is incorrect because there currently are no
such algorithms.
References:
Official ISC2 Guide page: 259
All in One Third Edition page: 623
Question # 97
How many rounds are used by DES?
A. 16 B. 32 C. 64 D. 48
Answer: A
Explanation:
DES is a block encryption algorithm using 56-bit keys and 64-bit blocks that are divided in half and
each character is encrypted one at a time. The characters are put through 16 rounds of
transposition and substitution functions. Triple DES uses 48 rounds.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 3).
Question # 98
Which of the following issues is not addressed by digital signatures?
A. nonrepudiation B. authentication C. data integrity D. denial-of-service
Answer: D
Explanation:
A digital signature directly addresses both confidentiality and integrity of the CIA triad. It does not
directly address availability, which is what denial-of-service attacks target.
The other answers are not correct because:
"nonrepudiation" is not correct because a digital signature can provide for nonrepudiation.
"authentication" is not correct because a digital signature can be used as an authentication
mechanism.
"data integrity" is not correct because a digital signature does verify data integrity (as part of
nonrepudiation).
References:
Official ISC2 Guide page: 227 & 265
All in One Third Edition page: 648
Question # 99
Which of the following is more suitable for a hardware implementation?
A. Stream ciphers B. Block ciphers C. Cipher block chaining D. Electronic code book
Answer: A
Explanation:
A stream cipher treats the message as a stream of bits or bytes and performs mathematical
functions on them individually. The key is a random value input into the stream cipher, which it
uses to ensure the randomness of the keystream data. They are more suitable for hardware
implementations, because they encrypt and decrypt one bit at a time. They are intensive because
each bit must be manipulated, which works better at the silicon level. Block ciphers operate at the
block level, dividing the message into blocks of bits. Cipher Block chaining (CBC) and Electronic
Code Book (ECB) are operation modes of DES, a block encryption algorithm.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 2).
Question # 100
The primary purpose for using one-way hashing of user passwords within a password file is which of the following?
A. It prevents an unauthorized person from trying multiple passwords in one logon attempt. B. It prevents an unauthorized person from reading the password. C. It minimizes the amount of storage required for user passwords. D. It minimizes the amount of processing time used for encrypting passwords.
Answer: B
Explanation:
The whole idea behind a one-way hash is that it should be just that - one-way. In other words, an
attacker should not be able to figure out your password from the hashed version of that password
in any mathematically feasible way (or within any reasonable length of time).
Password Hashing and Encryption
In most situations, if an attacker sniffs your password from the network wire, she still has some
work to do before she actually knows your password value because most systems hash the
password with a hashing algorithm, commonly MD4 or MD5, to ensure passwords are not sent in
cleartext.
Although some people think the world is run by Microsoft, other types of operating systems are out
there, such as Unix and Linux. These systems do not use registries and SAM databases, but
contain their user passwords in a file cleverly called “shadow.” Now, this shadow file does not
contain passwords in cleartext; instead, your password is run through a hashing algorithm, and the
resulting value is stored in this file.
Unix-type systems zest things up by using salts in this process. Salts are random values added to
the encryption process to add more complexity and randomness. The more randomness entered
into the encryption process, the harder it is for the bad guy to decrypt and uncover your password.
The use of a salt means that the same password can be encrypted into several thousand different
formats. This makes it much more difficult for an attacker to uncover the right format for your
system.
Password Cracking tools
Note that the use of one-way hashes for passwords does not prevent password crackers from
guessing passwords. A password cracker runs a plain-text string through the same one-way hash
algorithm used by the system to generate a hash, then compares that generated hash with the one
stored on the system. If they match, the password cracker has guessed your password.
This is very much the same process used to authenticate you to a system via a password. When
you type your username and password, the system hashes the password you typed and compares
that generated hash against the one stored on the system - if they match, you are authenticated.
Precomputed password tables exist today, and they allow you to crack passwords on LAN
Manager (LM) within a VERY short period of time through the use of Rainbow Tables. A Rainbow
Table is a precomputed table for reversing cryptographic hash functions, usually for cracking
password hashes. Tables are usually used in recovering a plaintext password up to a certain
length consisting of a limited set of characters. It is a practical example of a space/time trade-off,
also called a time-memory trade-off, using more computer processing time at the cost of less
storage when calculating a hash on every attempt, or less processing time and more storage when
compared to a simple lookup table with one entry per hash. Use of a key derivation function that
employs a salt makes this attack infeasible.
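Why a salted key derivation function defeats a precomputed table, as an added example that is not part of the original explanation. It uses PBKDF2 from Python's standard library; the record format, the iteration count and the sample passwords are constructed assumptions.

```python
"""Unsalted fast hash versus salted PBKDF2 for stored passwords."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor; raise it as far as your hardware tolerates


def unsalted_digest(password: str) -> str:
    """Fast unsalted hash, shown only to illustrate why lookup tables work."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derived key with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, derived_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                        bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(candidate, bytes.fromhex(derived_hex))
    except (ValueError, OverflowError):
        return False  # malformed record


def demo() -> dict:
    """Two users pick the same password; compare what ends up in the password file."""
    common = ["123456", "letmein", "Summer2024"]           # constructed word list
    table = {unsalted_digest(word): word for word in common}  # computed once, reusable

    alice_fast, bob_fast = unsalted_digest("letmein"), unsalted_digest("letmein")
    alice_kdf, bob_kdf = hash_password("letmein"), hash_password("letmein")
    return {
        "unsalted_identical": alice_fast == bob_fast,      # same password, same hash
        "table_hit_unsalted": table.get(alice_fast),       # one lookup recovers it
        "salted_identical": alice_kdf == bob_kdf,          # random salts differ
        "table_hit_salted": table.get(alice_kdf.split("$")[3]),
        "verify_ok": verify_password("letmein", alice_kdf),
        "verify_wrong": verify_password("letmeout", alice_kdf),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```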
This GPU cracker is a merged version of oclHashcat-plus and oclHashcat-lite, both very well-known suites at that time, but now deprecated. There also existed a now very old oclHashcat GPU
cracker that was replaced with plus and lite, which - as said - were then merged into oclHashcat
1.00 again.
This cracker can crack hashes of NTLM Version 2 up to 8 characters in less than a few hours. It is
definitely a game changer. It can make hundreds of billions of tries per second on a very large
cluster of GPUs. It supports up to 128 video cards at once.
I am stuck using passwords; what can I do to better protect myself?
You could look at safer alternatives such as bcrypt, PBKDF2, and scrypt.
bcrypt is a key derivation function for passwords designed by Niels Provos and David Mazières,
based on the Blowfish cipher, and presented at USENIX in 1999. Besides incorporating a salt to
protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count
can be increased to make it slower, so it remains resistant to brute-force search attacks even with
increasing computation power.
In cryptography, scrypt is a password-based key derivation function created by Colin Percival,
originally for the Tarsnap online backup service. The algorithm was specifically designed to make
it costly to perform large-scale custom hardware attacks by requiring large amounts of memory. In
2012, the scrypt algorithm was published by the IETF as an Internet Draft, intended to become an
informational RFC, which has since expired. A simplified version of scrypt is used as a proof-of-work scheme by a number of cryptocurrencies, such as Litecoin and Dogecoin.
PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function that is part of
Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric Ciphers?
A. Provides Limited security services B. Has no built in Key distribution C. Speed D. Large number of keys are needed
Answer: C
Explanation:
Symmetric cryptography ciphers are generally fast and hard to break. So speed is one of the key
advantages of Symmetric ciphers and NOT a disadvantage. Symmetric Ciphers use simple
encryption steps such as XOR, substitution, permutation, shifting columns, shifting rows, etc.
Such steps do not require a large amount of processing power compared to the complex
mathematical problems used within Asymmetric Ciphers.
Some of the weaknesses of Symmetric Ciphers are:
The lack of automated key distribution. Usually an Asymmetric cipher would be used to protect the
symmetric key if it needs to be communicated to another entity securely over a public network. In
the good old days this was done manually, where it was distributed using the Floppy Net, sometimes
called the Sneaker Net (you run to someone's office to give them the key).
As far as the total number of keys required to communicate securely between a large group of
users is concerned, it does not scale very well. 10 users would require 45 keys for them to communicate
securely with each other. If you have 1000 users then you would need almost half a million keys to
communicate securely. With Asymmetric ciphers there are only 2000 keys required for 1000 users. The
formula to calculate the total number of keys required for a group of users who wish to
communicate securely with each other using Symmetric encryption is the total number of users (N)
multiplied by the total number of users minus one, divided by 2, or N(N-1)/2.
Symmetric Ciphers are limited when it comes to security services; they cannot provide all of the
security services provided by Asymmetric ciphers. Symmetric ciphers provide mostly
confidentiality but can also provide integrity and authentication if a Message Authentication Code
(MAC) is used, and could also provide user authentication if Kerberos is used, for example.
Symmetric Ciphers cannot provide Digital Signature and Non-Repudiation.
Reference used for this question:
WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 2).
Question # 102
Which of the following is best provided by symmetric cryptography?
A. Confidentiality B. Integrity C. Availability D. Non-repudiation
Answer: A
Explanation:
When using symmetric cryptography, both parties will be using the same key for encryption and
decryption. Symmetric cryptography is generally fast and can be hard to break, but it offers limited
overall security in the fact that it can only provide confidentiality.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 2).
Question # 103
How many bits is the effective length of the key of the Data Encryption Standard algorithm?
A. 168 B. 128 C. 56 D. 64
Answer: C
Explanation:
The correct answer is "56". This is actually a bit of a trick question, since the actual key length is
64 bits. However, every eighth bit is ignored because it is used for parity. This makes the "effective
length of the key" that the question actually asks for 56 bits.
The other answers are not correct because:
168 - This is the number of effective bits in Triple DES (56 times 3).
128 - Many encryption algorithms use a 128 bit key, but not DES. Note that you may see 128 bit
encryption referred to as "military strength encryption" because many military systems use keys of
this length.
64 - This is the actual length of a DES encryption key, but not the "effective length" of the DES
key.
Reference:
Official ISC2 Guide page: 238
All in One Third Edition page: 622
Question # 104
Which of the following would best describe a Concealment cipher?
A. Permutation is used, meaning that letters are scrambled. B. Every X number of words within a text, is a part of the real message. C. Replaces bits, characters, or blocks of characters with different bits, characters or blocks. D. Hiding data in another message so that the very existence of the data is concealed.
Answer: B
Explanation:
When a concealment cipher is used, every X number of words within a text, is a part of the real
message. The message is within another message.
A concealment cipher is a message within a message. If my other super-secret spy buddy and I
decide our key value is every third word, then when I get a message from him, I will pick out every
third word and write it down. Suppose he sends me a message that reads, “The saying, ‘The time
is right’ is not cow language, so is now a dead subject.” Because my key is every third word, I
come up with “The right cow is dead.” This again means nothing to me, and I am now turning in
my decoder ring.
Concealment ciphers include the plaintext within the ciphertext. It is up to the recipient to know
which letters or symbols to exclude from the ciphertext in order to yield the plaintext. Here is an
example of a concealment cipher:
i2l32i5321k34e1245ch456oc12ol234at567e
Remove all the numbers, and you'll have i like chocolate. How about this one?
Larry even appears very excited. No one worries.
The first letter from each word reveals the message leave now. Both are easy, indeed, but many
people have crafted more ingenious ways of concealing the messages. By the way, this type of
cipher doesn't even need ciphertext, such as that in the above examples.
Consider the invisible drying ink that kids use to send secret messages. In a more extreme
example, a man named Histiaeus, during the 5th century B.C., shaved the head of a trusted slave,
then tattooed the message onto his bald head. When the slave's hair grew back, Histiaeus sent
the slave to the message's intended recipient, Aristagoras, who shaved the slave's head and read
the message instructing him to revolt.
The following answers are incorrect:
A transposition cipher uses permutations.
A substitution cipher replaces bits, characters, or blocks of characters with different bits,
characters or blocks.
Steganography refers to hiding the very existence of the message.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 1).
What is the role of IKE within the IPsec protocol?
A. peer authentication and key exchange B. data encryption C. data signature D. enforcing quality of service
Answer: A
Reference: RFC 2409: The Internet Key Exchange (IKE); DORASWAMY, Naganand & HARKINS,
Dan, Ipsec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks,
1999, Prentice Hall PTR; SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub
Co.
Question # 112
In an SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?
A. Both client and server B. The client's browser C. The web server D. The merchant's Certificate Server
Answer: B
Explanation:
Once the merchant server has been authenticated by the browser client, the browser generates a
master secret that is to be shared only between the server and client. This secret serves as a seed
to generate the session (private) keys. The master secret is then encrypted with the merchant's
public key and sent to the server. The fact that the master secret is generated by the client's
browser provides the client assurance that the server is not reusing keys that would have been
The RSA cryptosystem is a public-key cryptosystem that offers both encryption and digital
signatures (authentication). Ronald Rivest, Adi Shamir, and Leonard Adleman developed the RSA
system in 1977 [RSA78]; RSA stands for the first letter in each of its inventors' last names.
The RSA algorithm works as follows: take two large primes, p and q, and compute their product n
= pq; n is called the modulus. Choose a number, e, less than n and relatively prime to (p-1)(q-1),
which means e and (p-1)(q-1) have no common factors except 1. Find another number d such that
(ed - 1) is divisible by (p-1)(q-1). The values e and d are called the public and private exponents,
respectively. The public key is the pair (n, e); the private key is (n, d). The factors p and q may be
destroyed or kept with the private key.
It is currently difficult to obtain the private key d from the public key (n, e). However if one could
factor n into p and q, then one could obtain the private key d. Thus the security of the RSA system
is based on the assumption that factoring is difficult. The discovery of an easy method of factoring
would "break" RSA (see Question 3.1.3 and Question 2.3.3).
Here is how the RSA system can be used for encryption and digital signatures (in practice, the
actual use is slightly different; see Questions 3.1.7 and 3.1.8):
Encryption
Suppose Alice wants to send a message m to Bob. Alice creates the ciphertext c by
exponentiating: c = m^e mod n, where e and n are Bob's public key. She sends c to Bob. To
decrypt, Bob also exponentiates: m = c^d mod n; the relationship between e and d ensures that
Bob correctly recovers m. Since only Bob knows d, only Bob can decrypt this message.
Digital Signature
Suppose Alice wants to send a message m to Bob in such a way that Bob is assured the message
is authentic, has not been tampered with, and is from Alice. Alice creates a digital signature s
by exponentiating: s = m^d mod n, where d and n are Alice's private key. She sends m and s to
Bob. To verify the signature, Bob exponentiates and checks that the message m is recovered: m =
s^e mod n, where e and n are Alice's public key.
Thus encryption and authentication take place without any sharing of private keys: each person
uses only another's public key or their own private key. Anyone can send an encrypted message
or verify a signed message, but only someone in possession of the correct private key can decrypt
or sign a message.
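The key generation, encryption and signature steps described above, carried through with small numbers as an added example that is not part of the original text. The primes 61 and 53, the exponent 17 and the message 65 are constructed toy values, and the code uses the bare exponentiation formulas from the text with no padding.

```python
"""Textbook RSA with toy parameters: c = m^e mod n, m = c^d mod n."""
from math import gcd
from typing import Tuple

Key = Tuple[int, int]  # (modulus n, exponent)


def generate_keypair(p: int, q: int, e: int) -> Tuple[Key, Key]:
    """Build (n, e) and (n, d) from primes p, q and a chosen public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, phi) != 1:
        raise ValueError("e must be less than n and relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # d such that (e*d - 1) is divisible by (p-1)(q-1)
    return (n, e), (n, d)


def check_range(value: int, n: int) -> None:
    """Messages and signatures are integers in the range 0 .. n-1."""
    if not 0 <= value < n:
        raise ValueError("value must be in the range 0 .. n-1")


def encrypt(m: int, public: Key) -> int:
    n, e = public
    check_range(m, n)
    return pow(m, e, n)          # c = m^e mod n


def decrypt(c: int, private: Key) -> int:
    n, d = private
    check_range(c, n)
    return pow(c, d, n)          # m = c^d mod n


def sign(m: int, private: Key) -> int:
    n, d = private
    check_range(m, n)
    return pow(m, d, n)          # s = m^d mod n


def verify(m: int, s: int, public: Key) -> bool:
    n, e = public
    check_range(s, n)
    return pow(s, e, n) == m     # signature is valid when s^e mod n recovers m


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, 17)   # toy primes, constructed
    print("public key (n, e): ", public)
    print("private key (n, d):", private)

    c = encrypt(65, public)
    print("ciphertext:", c, "-> decrypts to", decrypt(c, private))

    s = sign(65, private)
    print("signature verifies:", verify(65, s, public))
    print("altered message verifies:", verify(66, s, public))
```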
Question # 118
Which of the following is NOT a known type of Message Authentication Code (MAC)?
A. Keyed-hash message authentication code (HMAC) B. DES-CBC C. Signature-based MAC (SMAC) D. Universal Hashing Based MAC (UMAC)
Answer: C
Explanation:
There is no such thing as a Signature-Based MAC. Being the wrong choice in the list, it is the best
answer to this question.
WHAT IS A Message Authentication Code (MAC)?
In Cryptography, a MAC (Message Authentication Code) also known as a cryptographic
checksum, is a small block of data that is generated using a secret key and then appended to the
message. When the message is received, the recipient can generate their own MAC using the
secret key, and thereby know that the message has not changed either accidentally or
intentionally in transit. Of course, this assurance is only as strong as the trust that the two parties
have that no one else has access to the secret key.
A MAC is a small representation of a message and has the following characteristics:
A MAC is much smaller than the message generating it.
Given a MAC, it is impractical to compute the message that generated it.
Given a MAC and the message that generated it, it is impractical to find another message
generating the same MAC.
See the graphic below from Wikipedia showing the creation of a MAC value:
[Figure: Message Authentication Code (MAC / HMAC)]
In the example above, the sender of a message runs it through a MAC algorithm to produce a
MAC data tag. The message and the MAC tag are then sent to the receiver. The receiver in turn
runs the message portion of the transmission through the same MAC algorithm using the same
key, producing a second MAC data tag. The receiver then compares the first MAC tag received in
the transmission to the second generated MAC tag. If they are identical, the receiver can safely
assume that the integrity of the message was not compromised, and the message was not altered
or tampered with during transmission.
However, to allow the receiver to be able to detect replay attacks, the message itself must contain
data that assures that this same message can only be sent once (e.g. time stamp, sequence
number or use of a one-time MAC). Otherwise an attacker could — without even understanding its
content — record this message and play it back at a later time, producing the same result as the
original sender.
NOTE: There are many ways of producing a MAC value. Below you have a short list of some
implementations.
The following were incorrect answers for this question:
They were all incorrect answers because they are all real types of MAC implementations.
In the case of DES-CBC, a MAC is generated using the DES algorithm in CBC mode, and the
secret DES key is shared by the sender and the receiver. The MAC is actually just the last block of
ciphertext generated by the algorithm. This block of data (64 bits) is attached to the unencrypted
message and transmitted to the far end. All previous blocks of encrypted data are discarded to
prevent any attack on the MAC itself. The receiver can just generate his own MAC using the
secret DES key he shares to ensure message integrity and authentication. He knows that the
message has not changed because the chaining function of CBC would significantly alter the last
block of data if any bit had changed anywhere in the message. He knows the source of the
message (authentication) because only one other person holds the secret key.
A Keyed-hash message authentication code (HMAC) is a specific construction for calculating a
message authentication code (MAC) involving a cryptographic hash function in combination with a
secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data
integrity and the authentication of a message. Any cryptographic hash function, such as MD5 or
SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the
cryptographic strength of the underlying hash function, the size of its hash output, and on the size
and quality of the key.
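The sender and receiver MAC check with replay protection described earlier, built on the HMAC construction from the paragraph above, as an added example that is not part of the original explanation. The frame layout (8-byte sequence number, payload, 32-byte tag), the choice of HMAC-SHA256, the key and the payloads are constructed assumptions.

```python
"""HMAC-protected messages with a sequence number to detect replays."""
import hashlib
import hmac
import struct
from typing import Optional, Tuple

SEQ_LEN = 8    # big-endian sequence number covered by the MAC
TAG_LEN = 32   # HMAC-SHA256 output size in bytes


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: MAC the sequence number and payload, then append the tag."""
    body = struct.pack(">Q", seq) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    """Receiver side: recompute the tag, compare, then enforce a rising sequence."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes) -> Tuple[str, Optional[bytes]]:
        if len(frame) < SEQ_LEN + TAG_LEN:
            return "malformed", None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison so the check does not leak how many bytes match.
        if not hmac.compare_digest(tag, expected):
            return "bad_mac", None
        (seq,) = struct.unpack(">Q", body[:SEQ_LEN])
        # A valid tag on an already-seen sequence number is a recorded message
        # being played back, so it is rejected even though the MAC is correct.
        if seq <= self.last_seq:
            return "replay", None
        self.last_seq = seq
        return "ok", body[SEQ_LEN:]


if __name__ == "__main__":
    key = bytes(range(32))                               # constructed shared key
    receiver = Receiver(key)
    frame = protect(key, 1, b"transfer 100 to account 42")  # constructed payload

    print("first delivery:", receiver.accept(frame))
    print("same frame again:", receiver.accept(frame))

    altered = bytearray(protect(key, 2, b"transfer 100 to account 42"))
    altered[SEQ_LEN + 9] ^= 0x01                         # flip one payload bit in transit
    print("altered frame:", receiver.accept(bytes(altered)))

    print("wrong key:", receiver.accept(protect(b"k" * 32, 3, b"hello")))
```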
A message authentication code based on universal hashing, or UMAC, is a type of message
authentication code (MAC) calculated choosing a hash function from a class of hash functions
according to some secret (random) process and applying it to the message. The resulting digest or
fingerprint is then encrypted to hide the identity of the hash function used. As with any MAC, it may
be used to simultaneously verify both the data integrity and the authenticity of a message. UMAC
is specified in RFC 4418; it has provable cryptographic strength and is usually a lot less
computationally intensive than other MACs.
What is the MicMac (confusion) with MIC and MAC?
The term message integrity code (MIC) is frequently substituted for the term MAC, especially in
communications, where the acronym MAC traditionally stands for Media Access Control when
referring to Networking. However, some authors use MIC as a distinctly different term from a MAC;
in their usage of the term the MIC operation does not use secret keys. This lack of security means
that any MIC intended for use gauging message integrity should be encrypted or otherwise be
protected against tampering. MIC algorithms are created such that a given message will always
produce the same MIC assuming the same algorithm is used to generate both. Conversely, MAC
algorithms are designed to produce matching MACs only if the same message, secret key and
initialization vector are input to the same algorithm. MICs do not use secret keys and, when taken
on their own, are therefore a much less reliable gauge of message integrity than MACs. Because
MACs use secret keys, they do not necessarily need to be encrypted to provide the same level of
assurance.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition
A. a fixed length message digest from a fixed length input message B. a variable length message digest from a variable length input message C. a fixed length message digest from a variable length input message D. a variable length message digest from a fixed length input message
Answer: C
Explanation:
According to The CISSP Prep Guide, "The Secure Hash Algorithm (SHA-1) computes a fixed
length message digest from a variable length input message."
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, page 160.
A. Is a generic term for encryption. B. Is specific to substitution ciphers. C. Deals with linguistic units. D. Is specific to transposition ciphers.
Answer: C
Explanation:
Historically, a code refers to a cryptosystem that deals with linguistic units: words, phrases,
sentences, and so forth. Codes are only useful for specialized circumstances where the message
to transmit has an already defined equivalent ciphertext word.
Source: DUPUIS, Clément, CISSP Open Study Guide on domain 5, cryptography, April 1999.
Question # 123
In a known plaintext attack, the cryptanalyst has knowledge of which of the following?
A. the ciphertext and the key B. the plaintext and the secret key C. both the plaintext and the associated ciphertext of several messages D. the plaintext and the algorithm
Answer: C
Explanation:
In a known plaintext attack, the attacker has the plaintext and ciphertext of one or more messages.
The goal is to discover the key used to encrypt the messages so that other messages can be
A. Detecting fraudulent insertion. B. Detecting fraudulent deletion. C. Detecting fraudulent modification. D. Detecting fraudulent disclosure.
Answer: D
Explanation:
Cryptography is a detective control in the fact that it allows the detection of fraudulent insertion,
deletion or modification. It is also a preventive control in the fact that it prevents disclosure, but it
usually does not offer any means of detecting disclosure.
Source: DUPUIS, Clement, CISSP Open Study Guide on domain 5, cryptography, April 1999.
Question # 130
Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet?
A. Secure Electronic Transaction (SET) B. MONDEX C. Secure Shell (SSH-2) D. Secure Hypertext Transfer Protocol (S-HTTP)
Answer: A
Explanation:
SET was developed by a consortium including Visa and MasterCard.
Source: Harris, Shon, CISSP All In One Exam Guide, pages 668-669.
Mondex is a smart card electronic cash system owned by MasterCard.
SSH-2 is a secure, efficient, and portable version of SSH (Secure Shell) which is a secure
replacement for telnet.
Secure HTTP is a secure message-oriented communications protocol designed for use in
conjunction with HTTP. It is designed to coexist with HTTP's messaging model and to be easily
integrated with HTTP applications.
Question # 131
Which of the following protocols that provide integrity and authentication for IPSec, can also provide non-repudiation in IPSec?
A. Authentication Header (AH) B. Encapsulating Security Payload (ESP) C. Secure Sockets Layer (SSL) D. Secure Shell (SSH-2)
Answer: A
Explanation:
As per the RFC in reference, the Authentication Header (AH) protocol is a mechanism for
providing strong integrity and authentication for IP datagrams. It might also provide nonrepudiation, depending on which cryptographic algorithm is used and how keying is performed.
For example, use of an asymmetric digital signature algorithm, such as RSA, could provide nonrepudiation.
from a cryptography point of view, so we will cover it from a VPN point of view here. IPSec is a
suite of protocols that was developed to specifically protect IP traffic. IPv4 does not have any
integrated security, so IPSec was developed to bolt onto IP and secure the data the protocol
transmits. Where PPTP and L2TP work at the data link layer, IPSec works at the network layer of
the OSI model. The main protocols that make up the IPSec suite and their basic functionality are
as follows:
A. Authentication Header (AH) provides data integrity, data origin authentication, and protection from replay attacks.
B. Encapsulating Security Payload (ESP) provides confidentiality, data-origin authentication, and data integrity.
C. Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for security association creation and key exchange.
D. Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP.
The following are incorrect answers:
ESP is a mechanism for providing integrity and confidentiality to IP datagrams. It may also provide
authentication, depending on which algorithm and algorithm mode are used. Non-repudiation and
protection from traffic analysis are not provided by ESP (RFC 1827).
SSL is a secure protocol used for transmitting private information over the Internet. It works by
using a public key to encrypt data that is transferred over the SSL connection. OIG 2007, page 976
SSH-2 is a secure, efficient, and portable version of SSH (Secure Shell) which is a secure
replacement for telnet.
Reference(s) used for this question:
Shon Harris, CISSP All In One, 6th Edition, Page 705
Business Continuity Planning (BCP) is not defined as a preparation that facilitates:
A. the rapid recovery of mission-critical business operations B. the continuation of critical business functions C. the monitoring of threat activity for adjustment of technical controls D. the reduction of the impact of a disaster
Answer: C
Explanation:
Although important, the monitoring of threat activity for adjustment of technical controls is not
facilitated by Business Continuity Planning.
The following answers are incorrect:
All of the other choices are facilitated by a BCP:
the continuation of critical business functions
the rapid recovery of mission-critical business operations
the reduction of the impact of a disaster
Question # 133
How often should tests and disaster recovery drills be performed?
A. At least once a quarter B. At least once every 6 months C. At least once a year D. At least once every 2 years
Answer: C
Explanation:
Tests and disaster recovery drills should be performed at least once a year. The company should
have no confidence in an untested plan. Since systems and processes can change, frequent
chapter 9: Disaster Recovery and Business continuity (page 621).
Question # 134
What are the three most important functions that Digital Signatures perform?
A. Integrity, Confidentiality and Authorization B. Integrity, Authentication and Nonrepudiation C. Authorization, Authentication and Nonrepudiation D. Authorization, Detection and Accountability
Answer: B
Reference: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook,
4th Edition, Volume 2.
Question # 135
After a company is out of an emergency state, what should be moved back to the original site first?
A. Executives B. Least critical components C. IT support staff D. Most critical components
Answer: B
Explanation:
This will expose any weaknesses in the plan and ensure the primary site has been properly
repaired before moving back. Moving critical assets first may induce a second disaster if the
primary site has not been repaired properly.
The first group to go back would test items such as connectivity, HVAC, power, water, improper
procedures, and/or steps that have been overlooked or not done properly. By moving these first,
and fixing any problems identified, the critical operations of the company are not negatively
chapter 9: Disaster Recovery and Business continuity (page 621).
Question # 136
Compared to RSA, which of the following is true of Elliptic Curve Cryptography (ECC)?
A. It has been mathematically proved to be more secure. B. It has been mathematically proved to be less secure. C. It is believed to require longer key for equivalent security. D. It is believed to require shorter keys for equivalent security.
Answer: D
Explanation:
The following answers are incorrect: It has been mathematically proved to be less secure. ECC
has not been proved to be more or less secure than RSA. Since ECC is newer than RSA, it is
considered riskier by some, but that is just a general assessment, not based on mathematical
arguments.
It has been mathematically proved to be more secure. ECC has not been proved to be more or
less secure than RSA. Since ECC is newer than RSA, it is considered riskier by some, but that is
just a general assessment, not based on mathematical arguments.
It is believed to require longer key for equivalent security. On the contrary, it is believed to require
shorter keys for equivalent security of RSA.
Shon Harris, AIO v5 pg719 states:
"In most cases, the longer the key, the more protection that is provided, but ECC can provide the
same level of protection with a key size that is shorter than what RSA requires"
The following reference(s) were/was used to create this question:
ISC2 OIG, 2007 p. 258
Shon Harris, AIO v5 pg719
Question # 137
What is electronic vaulting?
A. Information is backed up to tape on an hourly basis and is stored in an on-site vault. B. Information is backed up to tape on a daily basis and is stored in an on-site vault. C. Transferring electronic journals or transaction logs to an off-site storage facility D. A transfer of bulk information to a remote central backup facility.
Answer: D
Explanation:
Electronic vaulting is defined as "a method of transferring bulk information to off-site facilities for
backup purposes". Remote Journaling is the same concept as electronic vaulting, but has to do
with journals and transaction logs, not the actual files.
9: Disaster Recovery and Business continuity (page 618).
Question # 140
Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?
A. Personnel turnover B. Large plans can take a lot of work to maintain C. Continuous auditing makes a Disaster Recovery plan irrelevant D. Infrastructure and environment changes
Answer: C
Explanation:
Although auditing is a part of corporate security, it in no way supersedes the requirements for a
disaster recovery plan. All others can be blamed for a plan going out of date.
chapter 9: Disaster Recovery and Business continuity (page 598).
Question # 143
PGP uses which of the following to encrypt data?
A. An asymmetric encryption algorithm B. A symmetric encryption algorithm C. A symmetric key distribution system D. An X.509 digital certificate
Answer: B
Explanation:
Notice that the question specifically asks what PGP uses to encrypt. For this, PGP uses a
symmetric key algorithm. PGP then uses an asymmetric key algorithm to encrypt the session key
and then send it securely to the receiver. It is a hybrid system where both types of ciphers are
being used for different purposes.
Whenever a question talks about the bulk of the data to be sent, symmetric is always the best
choice to use because of the inherent speed of symmetric ciphers. Asymmetric ciphers are
100 to 1000 times slower than Symmetric Ciphers.
The other answers are not correct because:
"An asymmetric encryption algorithm" is incorrect because PGP uses a symmetric algorithm to
encrypt data.
"A symmetric key distribution system" is incorrect because PGP uses an asymmetric algorithm for
the distribution of the session keys used for the bulk of the data.
"An X.509 digital certificate" is incorrect because PGP does not use X.509 digital certificates to
encrypt the data, it uses a session key to encrypt the data.
References:
Official ISC2 Guide page: 275
All in One Third Edition page: 664 - 665
Question # 144
All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one. Which of the following would not be considered an essential element of the BIA but an important TOPIC to include within the BCP plan:
A. IT Network Support B. Accounting C. Public Relations D. Purchasing
Answer: C
Explanation:
Public Relations, although important to a company, is not listed as an essential business function
that should be identified and have loss criteria developed for.
All other entries are considered essential and should be identified and have loss criteria
chapter 9: Disaster Recovery and Business continuity (page 598)
Question # 145
The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?
A. 64 bits of data input results in 56 bits of encrypted output B. 128 bit key with 8 bits used for parity C. 64 bit blocks with a 64 bit total key length D. 56 bits of data input results in 56 bits of encrypted output
Answer: C
Explanation:
DES works with 64 bit blocks of text using a 64 bit key (with 8 bits used for parity, so the effective
key length is 56 bits).
Some people are getting the Key Size and the Block Size mixed up. The block size is usually a
specific length. For example DES uses block size of 64 bits which results in 64 bits of encrypted
data for each block. AES uses a block size of 128 bits, the block size on AES can only be 128 as
per the published standard FIPS-197.
A DES key consists of 64 binary digits ("0"s or "1"s) of which 56 bits are randomly generated and
used directly by the algorithm. The other 8 bits, which are not used by the algorithm, may be used
for error detection. The 8 error detecting bits are set to make the parity of each 8-bit byte of the
key odd, i.e., there is an odd number of "1"s in each 8-bit byte. Authorized users of encrypted
computer data must have the key that was used to encipher the data in order to decrypt it.
IN CONTRAST WITH AES
The input and output for the AES algorithm each consist of sequences of 128 bits (digits with
values of 0 or 1). These sequences will sometimes be referred to as blocks and the number of bits
they contain will be referred to as their length. The Cipher Key for the AES algorithm is a
sequence of 128, 192 or 256 bits. Other input, output and Cipher Key lengths are not permitted by
this standard.
The Advanced Encryption Standard (AES) specifies the Rijndael algorithm, a symmetric block
cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and
256 bits. Rijndael was designed to handle additional block sizes and key lengths, however they
are not adopted in the AES standard.
The AES algorithm may be used with the three different key lengths indicated above, and
therefore these different “flavors” may be referred to as “AES-128”, “AES-192”, and “AES-256”.
The other answers are not correct because:
"64 bits of data input results in 56 bits of encrypted output" is incorrect because while DES does
work with 64 bit block input, it results in 64 bit blocks of encrypted output.
"128 bit key with 8 bits used for parity" is incorrect because DES does not ever use a 128 bit key.
"56 bits of data input results in 56 bits of encrypted output" is incorrect because DES always works
with 64 bit blocks of input/output, not 56 bits.
Reference(s) used for this question:
Official ISC2 Guide to the CISSP CBK, Second Edition, page: 336-343
Which of the following best describes remote journaling?
A. Send hourly tapes containing transactions off-site. B. Send daily tapes containing transactions off-site. C. Real-time capture of transactions to multiple storage devices. D. Real time transmission of copies of the entries in the journal of transactions to an alternate site.
Answer: D
Explanation:
Remote Journaling is a technology to facilitate sending copies of the journal of transaction entries
from a production system to a secondary system in realtime. The remote nature of such a
connection is predicated upon having local journaling already established. Local journaling on the
production side allows each change that ensues for a journal-eligible object e.g., database
physical file, SQL table, data area, data queue, byte stream file residing within the IFS) to be
recorded and logged. It’s these local images that flow to the remote system. Once there, the
journal entries serve a variety of purposes, from feeding a high availability software replay
program or data warehouse to offering an offline, realtime vault of the most recent database
changes.
Reference(s) used for this question:
The Essential Guide to Remote Journaling by IBM
and
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
and
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and
Disaster Recovery Planning (page 286).
Question # 147
What is a hot-site facility?
A. A site with pre-installed computers, raised flooring, air conditioning, telecommunications and networking equipment, and UPS. B. A site in which space is reserved with pre-installed wiring and raised floors. C. A site with raised flooring, air conditioning, telecommunications, and networking equipment, and UPS. D. A site with ready made work space with telecommunications equipment, LANs, PCs, and terminals for work groups.
Answer: A
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 148
Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?
A. The use of good key generators. B. The use of session keys. C. Nothing can defend you against a brute force crypto key attack. D. Algorithms that are immune to brute force key attacks.
Answer: B
Explanation:
If we assume a crypto-system with a large key (and therefore a large key space) a brute force
attack will likely take a good deal of time - anywhere from several hours to several years
depending on a number of variables. If you use a session key for each message you encrypt, then
the brute force attack provides the attacker with only the key for that one message. So, if you are
encrypting 10 messages a day, each with a different session key, but it takes me a month to break
each session key, then I am fighting a losing battle.
The other answers are not correct because:
"The use of good key generators" is not correct because a brute force key attack will eventually
run through all possible combinations of key. Therefore, any key will eventually be broken in this
manner given enough time.
"Nothing can defend you against a brute force crypto key attack" is incorrect, and not the best
answer listed. While it is technically true that any key will eventually be broken by a brute force
attack, the question remains "how long will it take?". In other words, if you encrypt something
today but I can't read it for 10,000 years, will you still care? If the key is changed every session
does it matter if it can be broken after the session has ended? Of the answers listed here, session
keys are "often considered a good protection against the brute force cryptography attack" as the
question asks.
"Algorithms that are immune to brute force key attacks" is incorrect because there currently are no
such algorithms.
References:
Official ISC2 Guide page: 259
All in One Third Edition page: 623
Question # 149
Which of the following will a Business Impact Analysis NOT identify?
A. Areas that would suffer the greatest financial or operational loss in the event of a disaster. B. Systems critical to the survival of the enterprise. C. The names of individuals to be contacted during a disaster. D. The outage time that can be tolerated by the enterprise as a result of a disaster.
Answer: C
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 150
Which of the following issues is not addressed by digital signatures?
A. nonrepudiation B. authentication C. data integrity D. denial-of-service
Answer: D
Explanation:
A digital signature directly addresses both confidentiality and integrity of the CIA triad. It does not
directly address availability, which is what denial-of-service attacks target.
The other answers are not correct because:
"nonrepudiation" is not correct because a digital signature can provide for nonrepudiation.
"authentication" is not correct because a digital signature can be used as an authentication
mechanism.
"data integrity" is not correct because a digital signature does verify data integrity (as part of
nonrepudiation).
References:
Official ISC2 Guide page: 227 & 265
All in One Third Edition page: 648
Question # 151
For which areas of the enterprise are business continuity plans required?
A. All areas of the enterprise. B. The financial and information processing areas of the enterprise. C. The operating areas of the enterprise. D. The marketing, finance, and information processing areas.
Answer: A
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 152
Which element must computer evidence have to be admissible in court?
A. It must be relevant. B. It must be annotated. C. It must be printed. D. It must contain source code.
Answer: A
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 153
The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called:
A. alteration B. investigation C. entrapment D. enticement.
Answer: D
Explanation:
Enticement deals with someone that is breaking the law. Entrapment encourages someone to
commit a crime that the individual may or may not have had any intention of committing. Enticement is
not necessarily illegal but does raise ethical arguments and may not be admissible in court.
Enticement lures someone toward some evidence (a honeypot would be a great example) after
that individual has already committed a crime.
Entrapment is when you persuade someone to commit a crime when the person otherwise had no
intention to commit a crime. Entrapment is committed by a law enforcement player where you get
tricked into committing a crime for which you would later on get arrested without knowing you are
committing such a crime. It is illegal and unethical as well.
All other choices were not applicable and only distractors.
References:
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
and
CISSP Study Guide (Conrad, Misenar, Feldman). Elsevier. 2010. p. 428
The primary purpose for using one-way hashing of user passwords within a password file is which of the following?
A. It prevents an unauthorized person from trying multiple passwords in one logon attempt. B. It prevents an unauthorized person from reading the password. C. It minimizes the amount of storage required for user passwords. D. It minimizes the amount of processing time used for encrypting passwords.
Answer: B
Explanation:
The whole idea behind a one-way hash is that it should be just that - one-way. In other words, an
attacker should not be able to figure out your password from the hashed version of that password
in any mathematically feasible way (or within any reasonable length of time).
Password Hashing and Encryption
In most situations, if an attacker sniffs your password from the network wire, she still has some
work to do before she actually knows your password value because most systems hash the
password with a hashing algorithm, commonly MD4 or MD5, to ensure passwords are not sent in
cleartext.
Although some people think the world is run by Microsoft, other types of operating systems are out
there, such as Unix and Linux. These systems do not use registries and SAM databases, but
contain their user passwords in a file cleverly called “shadow.” Now, this shadow file does not
contain passwords in cleartext; instead, your password is run through a hashing algorithm, and the
resulting value is stored in this file.
Unix-type systems zest things up by using salts in this process. Salts are random values added to
the encryption process to add more complexity and randomness. The more randomness entered
into the encryption process, the harder it is for the bad guy to decrypt and uncover your password.
The use of a salt means that the same password can be encrypted into several thousand different
formats. This makes it much more difficult for an attacker to uncover the right format for your
system.
Password Cracking tools
Note that the use of one-way hashes for passwords does not prevent password crackers from
guessing passwords. A password cracker runs a plain-text string through the same one-way hash
algorithm used by the system to generate a hash, then compares that generated hash with the one
stored on the system. If they match, the password cracker has guessed your password.
This is very much the same process used to authenticate you to a system via a password. When
you type your username and password, the system hashes the password you typed and compares
that generated hash against the one stored on the system - if they match, you are authenticated.
Precomputed password tables exist today and they allow you to crack passwords on LAN
Manager (LM) within a VERY short period of time through the use of Rainbow Tables. A Rainbow
Table is a precomputed table for reversing cryptographic hash functions, usually for cracking
password hashes. Tables are usually used in recovering a plaintext password up to a certain
length consisting of a limited set of characters. It is a practical example of a space/time trade-off
also called a Time-Memory trade off, using more computer processing time at the cost of less
storage when calculating a hash on every attempt, or less processing time and more storage when
compared to a simple lookup table with one entry per hash. Use of a key derivation function that
employs a salt makes this attack unfeasible.
This GPU cracker is a merged version of oclHashcat-plus and oclHashcat-lite, both very well-known suites at that time, but now deprecated. There also existed a now very old oclHashcat GPU
cracker that was replaced with plus and lite, which, as said, were then merged into oclHashcat
1.00 again.
This cracker can crack hashes of NTLM Version 2 up to 8 characters in less than a few hours. It is
definitely a game changer. It can make hundreds of billions of tries per second on a very large
cluster of GPUs. It supports up to 128 video cards at once.
I am stuck using passwords; what can I do to better protect myself?
You could look at safer alternatives such as bcrypt, PBKDF2, and scrypt.
bcrypt is a key derivation function for passwords designed by Niels Provos and David Mazières,
based on the Blowfish cipher, and presented at USENIX in 1999. Besides incorporating a salt to
protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count
can be increased to make it slower, so it remains resistant to brute-force search attacks even with
increasing computation power.
In cryptography, scrypt is a password-based key derivation function created by Colin Percival,
originally for the Tarsnap online backup service. The algorithm was specifically designed to make
it costly to perform large-scale custom hardware attacks by requiring large amounts of memory. In
2012, the scrypt algorithm was published by the IETF as an Internet Draft, intended to become an
informational RFC, which has since expired. A simplified version of scrypt is used as a proof-of-work scheme by a number of cryptocurrencies, such as Litecoin and Dogecoin.
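The salt and adjustable work factor described in this explanation, as an added example that is not part of the original study material. It uses PBKDF2-HMAC-SHA256 from Python's standard library; the record format, function names, sample passwords and iteration count are assumptions chosen for illustration.

```python
"""Salted, iterated password hashing versus a bare fast hash (added illustration)."""
import hashlib
import hmac
import secrets

# Assumption: work factor picked for illustration; tune it to your own hardware.
ITERATIONS = 600_000
SCHEME = "pbkdf2_sha256"  # hypothetical record label used only in this example


def unsalted_hash(password: str) -> str:
    """The weak scheme: one pass of a fast hash with no salt (MD5, as the text names)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_table(candidates):
    """Precompute hash -> password once; the same table fits every unsalted hash."""
    return {unsalted_hash(c): c for c in candidates}


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'scheme$iterations$salt$digest' with a fresh random 16-byte salt."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def _parse(record: str):
    """Split a stored record; raises ValueError on anything malformed."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != SCHEME or int(iterations) < 1:
        raise ValueError("unsupported record")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, target: int = ITERATIONS) -> bool:
    """True when a record was stored with a lower cost than the current target."""
    try:
        iterations, _, _ = _parse(record)
    except ValueError:
        return True
    return iterations < target


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    alice, bob = "letmein", "letmein"
    table = build_table(["123456", "letmein", "qwerty"])

    # Unsalted: identical hashes, and one precomputed table recovers both.
    print("unsalted equal :", unsalted_hash(alice) == unsalted_hash(bob))
    print("table lookup   :", table.get(unsalted_hash(alice)))

    # Salted and iterated: records differ, so no shared table applies.
    rec_a, rec_b = hash_password(alice), hash_password(bob)
    print("salted equal   :", rec_a == rec_b)
    print("verify ok      :", verify_password("letmein", rec_a))
    print("verify wrong   :", verify_password("letmeout", rec_a))
    print("needs rehash   :", needs_rehash(hash_password(alice, 1_000)))
```

Raising `ITERATIONS` over time and re-hashing at the next successful login (when `needs_rehash` returns true) is how the adaptive cost is kept in step with faster hardware.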
PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function that is part of
Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if:
A. The company is not a multi-national company. B. They have not exercised due care protecting computing resources. C. They have failed to properly insure computer resources against loss. D. The company does not prosecute the hacker that caused the breach.
Answer: B
Explanation:
Culpable negligence is defined as: Recklessly acting without reasonable caution and putting
another person at risk of injury or death (or failing to do something with the same consequences)
Where a suspected security breach has been caused (through wilful intent or culpable negligence)
disciplinary action may be sought in line with the appropriate misconduct guidelines for internal
employees.
By not exercising Due Care and taking the proper actions, the executives would be liable for
losses a company has suffered.
Reference(s) used for this question:
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Which of the following best defines a Computer Security Incident Response Team (CSIRT)?
A. An organization that provides a secure channel for receiving reports about suspected security incidents. B. An organization that ensures that security incidents are reported to the authorities. C. An organization that coordinates and supports the response to security incidents. D. An organization that disseminates incident-related information to its constituency and other involved parties.
Answer: C
Explanation:
RFC 2828 (Internet Security Glossary) defines a Computer Security Incident Response Team
(CSIRT) as an organization that coordinates and supports the response to security incidents that
involves sites within a defined constituency. This is the proper definition for the CSIRT. To be
considered a CSIRT, an organization must provide a secure channel for receiving reports about
suspected security incidents, provide assistance to members of its constituency in handling the
incidents and disseminate incident-related information to its constituency and other involved
parties. Security-related incidents do not necessarily have to be reported to the authorities.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.
Question # 157
Which of the following categories of hackers poses the greatest threat?
A. Disgruntled employees B. Student hackers C. Criminal hackers D. Corporate spies
Answer: A
Explanation:
According to the authors, hackers fall in these categories, in increasing threat order: security
experts, students, underemployed adults, criminal hackers, corporate spies and disgruntled
employees.
Disgruntled employees are the most dangerous security problem of all because they are most
likely to have a good knowledge of the organization's IT systems and security measures.
Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 2:
Hackers.
Question # 158
How many bits is the effective length of the key of the Data Encryption Standard algorithm?
A. 168 B. 128 C. 56 D. 64
Answer: C
Explanation:
The correct answer is "56". This is actually a bit of a trick question, since the actual key length is
64 bits. However, every eighth bit is ignored because it is used for parity. This makes the "effective
length of the key" that the question actually asks for 56 bits.
The other answers are not correct because:
168 - This is the number of effective bits in Triple DES (56 times 3).
128 - Many encryption algorithms use 128 bit key, but not DES. Note that you may see 128 bit
encryption referred to as "military strength encryption" because many military systems use key of
this length.
64 - This is the actual length of a DES encryption key, but not the "effective length" of the DES
key.
Reference:
Official ISC2 Guide page: 238
All in One Third Edition page: 622
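The parity layout described in the explanations for Question # 145 and Question # 158, as an added example that is not part of the original study material: a 64-bit stored DES key carries one parity bit in the least significant position of each byte, leaving 56 effective bits. The function names are hypothetical and the sample key is a constructed test value.

```python
"""DES key parity: 64 bits stored, 56 bits effective (added illustration)."""

# Constructed sample: a common DES test key whose bytes all have odd parity.
SAMPLE_KEY = bytes.fromhex("0123456789ABCDEF")


def _ones(value: int) -> int:
    """Number of 1 bits in a small integer."""
    return bin(value).count("1")


def has_odd_parity(key: bytes) -> bool:
    """True when every byte of the 8-byte key holds an odd number of 1 bits."""
    return len(key) == 8 and all(_ones(b) % 2 == 1 for b in key)


def effective_key(key: bytes) -> int:
    """Drop the parity bit of each byte and return the 56 key bits as an int."""
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")
    value = 0
    for byte in key:
        value = (value << 7) | (byte >> 1)  # keep the upper 7 bits only
    return value


def with_odd_parity(key56: int) -> bytes:
    """Expand 56 key bits to the 64-bit stored form, setting each parity bit."""
    if not 0 <= key56 < 1 << 56:
        raise ValueError("effective key must fit in 56 bits")
    out = bytearray()
    for shift in range(49, -1, -7):  # eight 7-bit groups, most significant first
        seven = (key56 >> shift) & 0x7F
        parity = 0 if _ones(seven) % 2 == 1 else 1
        out.append((seven << 1) | parity)
    return bytes(out)


def same_des_key(a: bytes, b: bytes) -> bool:
    """Two stored keys select the same cipher key when their 56 bits match."""
    return effective_key(a) == effective_key(b)


if __name__ == "__main__":
    flipped = bytes(b ^ 0x01 for b in SAMPLE_KEY)  # corrupt every parity bit
    print("stored length (bits)   :", len(SAMPLE_KEY) * 8)
    print("sample parity valid    :", has_odd_parity(SAMPLE_KEY))
    print("flipped parity valid   :", has_odd_parity(flipped))
    print("same effective key     :", same_des_key(SAMPLE_KEY, flipped))
    print("effective length (bits):", 8 * 7)
    print("repaired == sample     :",
          with_odd_parity(effective_key(flipped)) == SAMPLE_KEY)
```

Because the parity bits never reach the cipher, a brute-force search covers 2^56 keys rather than 2^64; the parity check only detects a corrupted stored key.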
Question # 159
Under the Business Exemption Rule to the hearsay evidence, which of the following exceptions would have no bearing on the inadmissibility of audit logs and audit trails in a court of law?
A. Records are collected during the regular conduct of business. B. Records are collected by senior or executive management. C. Records are collected at or near the time of occurrence of the act being investigated to generate automated reports. D. You can prove no one could have changed the records/data/logs that were collected.
Answer: B
Explanation:
Hearsay evidence is not normally admissible in court unless it has firsthand evidence that can be
used to prove the evidence's accuracy, trustworthiness, and reliability like a business person who
generated the computer logs and collected them.
It is important that this person generates and collects logs as a normal part of his business and not
just this one time for court. It has to be a documented process that is carried out daily.
The value of evidence depends upon the genuineness and competence of the source; therefore,
since record collection is not an activity likely to be performed by senior or executive management,
records collected by senior or executive management are not likely to be admissible in court.
Hearsay evidence is usually not admissible in court unless it meets the Business Records
Exemption rule to the Hearsay evidence.
• In certain instances computer records fall outside of the hearsay rule (e.g., business records
exemption)
• Information relates to regular business activities
• Automatically computer generated data
• No human intervention
• Prove system was operating correctly
• Prove no one changed the data
If you have a documented business process and you make use of intrusion detection tools, log
analysis tools, and you produce daily reports of activities, then the computer generated data might
be admissible in court and would not be considered Hearsay Evidence.
What is defined as inference of information from other, intermediate, relevant facts?
A. Secondary evidence B. Conclusive evidence C. Hearsay evidence D. Circumstantial evidence
Answer: D
Explanation:
Circumstantial evidence is defined as inference of information from other, intermediate, relevant
facts. Secondary evidence is a copy of evidence or oral description of its contents. Conclusive
evidence is incontrovertible and overrides all other evidence and hearsay evidence is evidence
that is not based on personal, first-hand knowledge of the witness, but was obtained from another
source. Computer-generated records normally fall under the category of hearsay evidence.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 9: Law, Investigation, and
Ethics (page 310).
Question # 162
Which of the following statements is true about data encryption as a method of protecting data?
A. It should sometimes be used for password files B. It is usually easily administered C. It makes few demands on system resources D. It requires careful key management
Answer: D
Explanation:
In cryptography, you always assume the "bad guy" has the encryption algorithm (indeed, many
algorithms such as DES, Triple DES, AES, etc. are public domain). What the bad guy lacks is the
key used to complete that algorithm and encrypt/decrypt information. Therefore, protection of the
key, controlled distribution, scheduled key change, timely destruction, and several other factors
require careful consideration. All of these factors are covered under the umbrella term of "key
management".
Another significant consideration is the case of "data encryption as a method of protecting data" as
the question states. If that data is to be stored over a long period of time (such as on backup), you
must ensure that your key management scheme stores old keys for as long as they will be needed
to decrypt the information they encrypted.
The other answers are not correct because:
"It should sometimes be used for password files." - Encryption is often used to encrypt passwords
stored within password files, but it is not typically effective for the password file itself. On most
systems, if a user cannot access the contents of a password file, they cannot authenticate.
Encrypting the entire file prevents that access.
"It is usually easily administered." - Developments over the last several years have made
cryptography significantly easier to manage and administer. But it remains a significant challenge.
This is not a good answer.
"It makes few demands on system resources." - Cryptography is, essentially, a large complex
mathematical algorithm. In order to encrypt and decrypt information, the system must perform this
algorithm hundreds, thousands, or even millions/billions/trillions of times. This becomes system
resource intensive, making this a very bad answer.
Reference:
Official ISC2 Guide page: 266 (poor explanation)
All in One Third Edition page: 657 (excellent explanation)
Key Management - Page 732, All in One Fourth Edition
Question # 163
Which of the following is a problem regarding computer investigation issues?
A. Information is tangible.
B. Evidence is easy to gather.
C. Computer-generated records are only considered secondary evidence, thus are not as reliable as best evidence.
D. In many instances, an expert or specialist is not required.
Answer: C
Explanation:
Computer-generated records normally fall under the category of hearsay evidence because they
cannot be proven accurate and reliable, and this can be a problem.
Under the U.S. Federal Rules of Evidence, hearsay evidence is generally not admissible in court.
This inadmissibility is known as the hearsay rule, although there are some exceptions for how,
when, by whom and in what circumstances data was collected.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 9: Law, Investigation, and
Ethics (page 310).
IMPORTANT NOTE:
For the purpose of the exam it is very important to remember the Business Record exemption to
the Hearsay Rule. For example: if you create log files and review them on a regular basis as part
of a business process, such files would be admissible in court and they would not be considered
hearsay because they were made in the course of regular business and it is part of the regular
course of business to create such records.
Here is another quote from the HISM book:
Business Record Exemption to the Hearsay Rule
Federal Rules of Evidence 803(6) allow a court to admit a report or other business document
made at or near the time by or from information transmitted by a person with knowledge, if kept in
the course of regularly conducted business activity, and if it was the regular practice of that
business activity to make the [report or document], all as shown by testimony of the custodian or
other qualified witness, unless the source of information or the method or circumstances of
preparation indicate lack of trustworthiness.
To meet Rule 803(6) the witness must:
• Have custody of the records in question on a regular basis.
• Rely on those records in the regular course of business.
• Know that they were prepared in the regular course of business.
Audit trails meet the criteria if they are produced in the normal course of business. The process to
produce the output will have to be proven to be reliable. If computer-generated evidence is used
and admissible, the court may order disclosure of the details of the computer, logs, and
maintenance records in respect to the system generating the printout, and then the defense may
use that material to attack the reliability of the evidence. If the audit trails are not used or reviewed
— at least the exceptions (e.g., failed log-on attempts) — in the regular course of business, they
do not meet the criteria for admissibility.
Federal Rules of Evidence 1001(3) provide another exception to the hearsay rule. This rule allows
a memory or disk dump to be admitted as evidence, even though it is not done in the regular
course of business. This dump merely acts as statement of fact. System dumps (in binary or
hexadecimal) are not hearsay because they are not being offered to prove the truth of the
contents, but only the state of the computer.
BUSINESS RECORDS LAW EXAMPLE:
The business records law was enacted in 1931 (PA No. 56). For a document to be admissible
under the statute, the proponent must show: (1) the document was made in the regular course of
business; (2) it was the regular course of business to make the record; and (3) the record was
made when the act, transaction, or event occurred, or shortly thereafter (State v. Vennard, 159
Conn. 385, 397 (1970); Mucci v. LeMonte, 157 Conn. 566, 570 (1969)). The failure to establish any
one of these essential elements renders the document inadmissible under the statute (McCahill v.
Town and Country Associates, Ltd., 185 Conn. 37 (1981); State v. Peary, 176 Conn. 170 (1978);
Welles v. Fish Transport Co., 123 Conn. 49 (1937)).
The statute expressly provides that the person who made the business entry does not have to be
unavailable as a witness and the proponent does not have to call as a witness the person who
made the record or show the person to be unavailable (State v. Jeustiniano, 172 Conn. 275
(1977)).
The person offering the business records as evidence does not have to independently prove the
trustworthiness of the record. But, there is no presumption that the record is accurate; the record's
accuracy and weight are issues for the trier of fact (State v. Waterman, 7 Conn. App. 326 (1986);
Handbook of Connecticut Evidence, Second Edition, § 11.14.3).
Question # 164
Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent. The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that:
A. The sender and recipient have reached a mutual agreement on the encryption key exchange that they will use.
B. The channels through which the information flows are secure.
C. The recipient's identity can be positively verified by the sender.
D. The sender of the message is the only other person with access to the recipient's private key.
Answer: C
Explanation:
Through the use of Public Key Infrastructure (PKI) the recipient's identity can be positively verified
by the sender.
The sender of the message knows he is using a Public Key that belongs to a specific user. He can
validate through the Certification Authority (CA) that a public key is in fact the valid public key of
the receiver and the receiver is really who he claims to be. By using the public key of the recipient,
only the recipient using the matching private key will be able to decrypt the message. When you
wish to achieve confidentiality, you encrypt the message with the recipient public key.
If the sender wishes to prove to the recipient that he is really who he claims to be, then the
sender would apply a digital signature to the message before encrypting it with the public key of
the receiver. This would provide Confidentiality and Authenticity of the message.
A PKI (Public Key Infrastructure) enables users of an insecure public network, such as the
Internet, to securely and privately exchange data through the use of public key-pairs that are
obtained and shared through a trusted authority, usually referred to as a Certificate Authority.
The PKI provides for digital certificates that can vouch for the identity of individuals or
organizations, and for directory services that can store, and when necessary, revoke those digital
certificates. A PKI is the underlying technology that addresses the issue of trust in a normally
untrusted environment.
The following answers are incorrect:
"The sender and recipient have reached a mutual agreement on the encryption key exchange that
they will use." is incorrect because through the use of Public Key Infrastructure (PKI), the parties
do not have to have a mutual agreement. They have a trusted 3rd party Certificate Authority to
perform the verification of the sender.
"The channels through which the information flows are secure." is incorrect because the use of
Public Key Infrastructure (PKI) does nothing to secure the channels.
"The sender of the message is the only other person with access to the recipient's private key." is
incorrect because the sender does not have access to the recipient's private key through Public
Key Infrastructure (PKI).
Reference(s) used for this question:
OIG CBK Cryptography (pages 253 - 254)
Question # 165
If an employee's computer has been used by a fraudulent employee to commit a crime, the hard disk may be seized as evidence and once the investigation is complete it would follow the normal steps of the Evidence Life Cycle. In such case, the Evidence life cycle would not include which of the following steps listed below?
A. Acquisition collection and identification
B. Analysis
C. Storage, preservation, and transportation
D. Destruction
Answer: D
Explanation:
Unless the evidence is illegal, it should be returned to its owner, not destroyed.
The Evidence Life Cycle starts with the discovery and collection of the evidence. It progresses
through the following series of states until it is finally returned to the victim or owner:
• Acquisition collection and identification
• Analysis
• Storage, preservation, and transportation
• Presented in court
• Returned to victim (owner)
The Second edition of the ISC2 book says on page 529-530:
Identifying evidence: Correctly identifying the crime scene, evidence, and potential containers of
evidence.
Collecting or acquiring evidence: Adhering to the criminalistic principles and ensuring that the
contamination and the destruction of the scene are kept to a minimum. Using sound, repeatable,
collection techniques that allow for the demonstration of the accuracy and integrity of evidence, or
copies of evidence.
Examining or analyzing the evidence: Using sound scientific methods to determine the
characteristics of the evidence, conducting comparison for individuation of evidence, and
conducting event reconstruction.
Presentation of findings: Interpreting the output from the examination and analysis based on
findings of fact and articulating these in a format appropriate for the intended audience (e.g., court
brief, executive memo, report).
Note on returning the evidence to the Owner/Victim
The final destination of most types of evidence is back with its original owner. Some types of
evidence, such as drugs or drug paraphernalia (i.e., contraband), are destroyed after the trial.
Any evidence gathered during a search, although maintained by law enforcement, is legally under
the control of the courts. And although a seized item may be yours and may even have your name
on it, it might not be returned to you unless the suspect signs a release or after a hearing by the
court. Unfortunately, many victims do not want to go to trial; they just want to get their property
back.
Many investigations merely need the information on a disk to prove or disprove a fact in question;
thus, there is no need to seize the entire system. Once a schematic of the system is drawn or
photographed, the hard disk can be removed and then transported to a forensic lab for copying.
Mirror copies of the suspect disk are obtained using forensic software and then one of those
copies can be returned to the victim so that business operations can resume.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Computer Security, John Wiley & Sons, 2001, Chapter 9: Law, Investigation, and Ethics (page
309).
and
The Official Study Book, Second Edition, Page 529-530
Question # 166
Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean?
A. Use of public key encryption to secure a secret key, and message encryption using the secret key.
B. Use of the recipient's public key for encryption and decryption based on the recipient's private key.
C. Use of software encryption assisted by a hardware encryption accelerator.
D. Use of elliptic curve encryption.
Answer: A
Explanation:
Public key encryption is an asymmetric algorithm, and the use of a secret key is a
symmetric algorithm.
The following answers are incorrect:
"Use of the recipient's public key for encryption and decryption based on the recipient's private key."
is incorrect because this would be known as an asymmetric algorithm.
"Use of software encryption assisted by a hardware encryption accelerator." is incorrect; it is a
distractor.
"Use of elliptic curve encryption." is incorrect because this would use an asymmetric algorithm.
Question # 167
Which of the following statements pertaining to disaster recovery is incorrect?
A. A recovery team's primary task is to get the pre-defined critical business functions at the alternate backup processing site.
B. A salvage team's task is to ensure that the primary site returns to normal processing conditions.
C. The disaster recovery plan should include how the company will return from the alternate site to the primary site.
D. When returning to the primary site, the most critical applications should be brought back first.
Answer: D
Explanation:
It's interesting to note that the steps to resume normal processing operations will be different than
the steps in the recovery plan; that is, the least critical work should be brought back first to the
primary site.
My explanation:
At the point where the primary site is ready to receive operations again, less critical systems
should be brought back first because one has to make sure that everything will be running
smoothly at the primary site before returning critical systems, which are already operating normally
at the recovery site.
This will limit the possible interruption of processing to a minimum for most critical systems, thus
making it the best option.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity
Planning and Disaster Recovery Planning (page 291).
Question # 168
What is a characteristic of using the Electronic Code Book mode of DES encryption?
A. A given block of plaintext and a given key will always produce the same ciphertext.
B. Repetitive encryption obscures any repeated patterns that may have been present in the plaintext.
C. Individual characters are encoded by combining output from earlier encryption routines with plaintext.
D. The previous DES output is used as input.
Answer: A
Explanation:
A given message and key always produce the same ciphertext.
The following answers are incorrect:
"Repetitive encryption obscures any repeated patterns that may have been present in the plaintext."
is incorrect because with Electronic Code Book a given 64-bit block of plaintext always produces
the same ciphertext.
"Individual characters are encoded by combining output from earlier encryption routines with
plaintext." is incorrect because Electronic Code Book processes 64 bits at a time until the
end of the file is reached. This is a characteristic of Cipher Feedback. In Cipher Feedback, the
ciphertext is run through a key-generating device to create the key for the next block of plaintext.
"The previous DES output is used as input." is incorrect because
Electronic Code Book processes 64 bits at a time until the end of the file is reached. This is a
characteristic of Cipher Block Chaining. Cipher Block Chaining uses the output from the previous
block to encrypt the next block.
Question # 169
Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test?
A. Full Interruption test
B. Checklist test
C. Simulation test
D. Structured walk-through test
Answer: A
Explanation:
The difference between the parallel test and the full-interruption test is that in the parallel test
the primary production processing of the business does not stop; the test processing runs in
parallel to the real processing. This is the most common type of disaster recovery plan testing.
A checklist test is only considered a preliminary step to a real test.
In a structured walk-through test, business unit management representatives meet to walk through
the plan, ensuring it accurately reflects the organization's ability to recover successfully, at least on
paper.
A simulation test is aimed at testing the ability of the personnel to respond to a simulated disaster,
but no recovery process is actually performed.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity
Planning and Disaster Recovery Planning (page 289).
Question # 170
What algorithm was DES derived from?
A. Twofish.
B. Skipjack.
C. Brooks-Aldeman.
D. Lucifer.
Answer: D
Explanation:
NSA took the 128-bit algorithm Lucifer that IBM developed, reduced the key size to 64 bits and
with that developed DES.
The following answers are incorrect:
Twofish. This is incorrect because Twofish is related to Blowfish as a possible replacement for
DES.
Skipjack. This is incorrect because Skipjack was developed after DES by the NSA.
Brooks-Aldeman. This is incorrect because this is a distractor; no algorithm exists with this name.
Question # 171
What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location?
A. Remote journaling
B. Electronic vaulting
C. Data clustering
D. Database shadowing
Answer: B
Explanation:
Electronic vaulting refers to the transfer of backup data to an off-site location. This is primarily a
batch process of dumping backup data through communications lines to a server at an alternate
location.
Electronic vaulting is accomplished by backing up system data over a network. The backup
location is usually at a separate geographical location known as the vault site. Vaulting can be
used as a mirror or a backup mechanism using the standard incremental or differential backup
cycle. Changes to the host system are sent to the vault server in real-time when the backup
method is implemented as a mirror. If vaulting updates are recorded in real-time, then it will be
necessary to perform regular backups at the off-site location to provide recovery services due to
inadvertent or malicious alterations to user or system data.
The following are incorrect answers:
Remote journaling refers to the parallel processing of transactions to an alternate site (as opposed
to a batch dump process). Journaling is a technique used by database management systems to
provide redundancy for their transactions. When a transaction is completed, the database
management system duplicates the journal entry at a remote location. The journal provides
sufficient detail for the transaction to be replayed on the remote system. This provides for
database recovery in the event that the database becomes corrupted or unavailable.
Database shadowing uses the live processing of remote journaling, but creates even more
redundancy by duplicating the database sets to multiple servers. There are also additional
redundancy options available within application and database software platforms. For example,
database shadowing may be used where a database management system updates records in
multiple locations. This technique updates an entire copy of the database at a remote location.
Data clustering refers to the classification of data into groups (clusters). Clustering may also be
used, although it should not be confused with redundancy. In clustering, two or more “partners”
are joined into the cluster and may all provide service at the same time. For example, in an
active–active pair, both systems may provide services at any time. In the case of a failure, the
remaining partners may continue to provide service but at a decreased capacity.
The following resource(s) were used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition
((ISC)2 Press) (Kindle Locations 20403-20407 and 20411-20414 and 20375-20377 and
20280-20283). Auerbach Publications. Kindle Edition.
Question # 172
Which of the following statements do not apply to a hot site?
A. It is expensive.
B. There are cases of common overselling of processing capabilities by the service provider.
C. It provides a false sense of security.
D. It is accessible on a first come first serve basis. In case of large disaster it might not be accessible.
Answer: C
Explanation:
Remember this is a NOT question. Hot sites do not provide a false sense of security since they
are the best disaster recovery alternative among the backup sites that you can rent.
Cold, warm, and hot sites are always rental places in the context of the CBK. A hot site is definitely
the best choice out of the rental options that exist. It is fully configured and can be activated in a
very short period of time.
Cold and warm sites, not hot sites, provide a false sense of security because you can never fully
test your plan.
In reality, using a cold site will most likely make effective recovery impossible or could lead to
business closure if it takes more than two weeks for recovery.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity
Planning and Disaster Recovery Planning (page 284).
Question # 173
Which of the following encryption methods is known to be unbreakable?
A. Symmetric ciphers.
B. DES codebooks.
C. One-time pads.
D. Elliptic Curve Cryptography.
Answer: C
Explanation:
A one-time pad uses a keystream of bits that is generated completely at random and is
used only once. Because it is used only once, it is considered unbreakable.
The following answers are incorrect:
Symmetric ciphers. This is incorrect because a symmetric cipher is created by substitution and
transposition. They can be and have been broken.
DES codebooks. This is incorrect because the Data Encryption Standard (DES) has been broken; it
was replaced by the Advanced Encryption Standard (AES).
Elliptic Curve Cryptography. This is incorrect because Elliptic Curve Cryptography, or ECC, is
typically used on wireless devices such as cellular phones that have small processors. Because of
the lack of processing power, the keys used are often small. The smaller the key, the easier it is
considered to be breakable. Also, the technology has not been around long enough or tested
thoroughly enough to be considered truly unbreakable.
Question # 174
Which of the following statements pertaining to disaster recovery planning is incorrect?
A. Every organization must have a disaster recovery plan
B. A disaster recovery plan contains actions to be taken before, during and after a disruptive event.
C. The major goal of disaster recovery planning is to provide an organized way to make decisions if a disruptive event occurs.
D. A disaster recovery plan should cover return from alternate facilities to primary facilities.
Answer: A
Explanation:
It is possible that an organization may not need a disaster recovery plan. An organization may not
have any critical processing areas or systems, and it would be able to withstand lengthy
interruptions.
Remember that DRP is related to systems needed to support your most critical business functions.
The DRP plan covers actions to be taken when a disaster occurs, but DRP PLANNING, which is the
keyword in the question, would also include steps that happen before you use the plan such as
development of the plan, training, drills, logistics, and a lot more.
To be effective, the plan would certainly cover before, during, and after the disaster actions.
It may take you a couple years to develop a plan for a medium size company, there is a lot that
has to happen before the plan would be actually used in a real disaster scenario. Plan for the
worst and hope for the best.
All other statements are true.
NOTE FROM CLEMENT:
Below is a great article on who legally needs a plan which is very much in line with this question.
Does EVERY company need a plan? The legal answer is NO. Some companies and industries will
be required according to laws or regulations to have a plan. A blanket statement saying: All
companies MUST have a plan would not be accurate. The article below is specific to the USA but
similar laws will exist in many other countries.
Some companies such as utilities, power, etc. might also need a plan if they have been defined as
Critical Infrastructure by the government. The legal side of IT is always very complex and varies in
different countries. Always talk to your lawyer to ensure you follow the law of the land :-)
Read the details below:
So Who, Legally, MUST Plan?
With the caveats above, let’s cover a few of the common laws where there is a duty to have a
disaster recovery plan. I will try to include the basis for that requirement, where there is an implied
mandate to do so, and what the difference is between the two.
Banks and Financial Institutions MUST Have a Plan
The Federal Financial Institutions Examination Council (Council) was established on March 10,
1979, pursuant to Title X of the Financial Institutions Regulatory and Interest Rate Control Act of
1978 (FIRA), Public Law 95-630. In 1989, Title XI of the Financial Institutions Reform, Recovery
and Enforcement Act of 1989 (FIRREA) established the Examination Council (the Council).
The Council is a formal interagency body empowered to prescribe uniform principles, standards,
and report forms for the federal examination of financial institutions by the Board of Governors of
the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the
National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC),
and the Office of Thrift Supervision (OTS); and to make recommendations to promote uniformity in
the supervision of financial institutions. In other words, every bank, savings and loan, credit union,
and other financial institution is governed by the principles adopted by the Council.
In March of 2003, the Council released its Business Continuity Planning handbook designed to
provide guidance and examination procedures for examiners in evaluating financial institution and
service provider risk-management processes.
Stockbrokers MUST Have a Plan
The National Association of Securities Dealers (NASD) has adopted rules that require all its
members to have business continuity plans. The NASD oversees the activities of more than 5,100
brokerage firms, approximately 130,800 branch offices and more than 658,770 registered
securities representatives.
As of June 14, 2004, the rules apply to all NASD member firms. The requirements, which are
specified in Rule 3510, begin with the following:
3510. Business Continuity Plans. (a) Each member must create and maintain a written business
continuity plan identifying procedures relating to an emergency or significant business disruption.
Such procedures must be reasonably designed to enable the member to meet its existing
obligations to customers. In addition, such procedures must address the member’s existing
relationships with other broker-dealers and counter-parties. The business continuity plan must be
made available promptly upon request to NASD staff.
NOTE:
The rules apply to every company that deals in securities, such as brokers, dealers, and their
representatives; they do NOT apply to the listed companies themselves.
Electric Utilities WILL Need a Plan
The disaster recovery function relating to the electric utility grid is presently undergoing a change.
Prior to 2005, the Federal Energy Regulatory Commission (FERC) could only coordinate volunteer
efforts between utilities. This has changed with the adoption of Title XII of the Energy Policy Act of
2005 (16 U.S.C. 824o). That new law authorizes the FERC to create an Electric Reliability
Organization (ERO).
The ERO will have the capability to adopt and enforce reliability standards for "all users, owners,
and operators of the bulk power system" in the United States. At this time, FERC is in the process
of finalizing the rules for the creation of the ERO. Once the ERO is created, it will begin the
process of establishing reliability standards.
It is very safe to assume that the ERO will adopt standards for service restoration and disaster
recovery, particularly after such widespread disasters as Hurricane Katrina.
Telecommunications Utilities SHOULD Have Plans, but MIGHT NOT
Telecommunications utilities are governed on the federal level by the Federal Communications
Commission (FCC) for interstate services and by state Public Utility Commissions (PUCs) for
services within the state.
The FCC has created the Network Reliability and Interoperability Council (NRIC). The role of the
NRIC is to develop recommendations for the FCC and the telecommunications industry to "insure
[sic] optimal reliability, security, interoperability and interconnectivity of, and accessibility to, public
communications networks and the internet." The NRIC members are senior representatives of
providers and users of telecommunications services and products, including telecommunications
carriers, the satellite, cable television, wireless and computer industries, trade associations, labor
and consumer representatives, manufacturers, research organizations, and government-related
organizations.
There is no explicit provision that we could find that says telecommunications carriers must have a
Disaster Recovery Plan. As I have stated frequently in this series of articles on disaster recovery,
however, telecommunications facilities are tempting targets for terrorism. I have not changed my
mind in that regard and urge caution.
You might also want to consider what the liability of a telephone company is if it does have a
disaster that causes loss to your organization. In three words: It’s not much. The following is the
statement used in most telephone company tariffs with regard to its liability:
The Telephone Company’s liability, if any, for its gross negligence or willful misconduct is not
limited by this tariff. With respect to any other claim or suit, by a customer or any others, for
damages arising out of mistakes, omissions, interruptions, delays or errors, or defects in
transmission occurring in the course of furnishing services hereunder, the Telephone Company’s
liability, if any, shall not exceed an amount equivalent to the proportionate charge to the customer
for the period of service during which such mistake, omission, interruption, delay, error or defect in
transmission or service occurs and continues. (Source, General Exchange Tariff for major carrier)
All Health Care Providers WILL Need a Disaster Recovery Plan
HIPAA is an acronym for the Health Insurance Portability and Accountability Act of 1996, Public
Law 104-191, which amended the Internal Revenue Service Code of 1986. Also known as the
Kennedy-Kassebaum Act, the Act includes a section, Title II, entitled Administrative Simplification,
requiring "Improved efficiency in healthcare delivery by standardizing electronic data interchange,
and protection of confidentiality and security of health data through setting and enforcing
standards."
The legislation called upon the Department of Health and Human Services (HHS) to publish new
rules that will ensure security standards protecting the confidentiality and integrity of "individually
identifiable health information," past, present, or future.
The final Security Rule was published by HHS on February 20, 2003 and provides for a uniform
level of protection of all health information that is housed or transmitted electronically and that
pertains to an individual.
The Security Rule requires covered entities to ensure the confidentiality, integrity, and availability
of all electronic protected health information (ePHI) that the covered entity creates, receives,
maintains, or transmits. It also requires entities to protect against any reasonably anticipated
threats or hazards to the security or integrity of ePHI, protect against any reasonably anticipated
uses or disclosures of such information that are not permitted or required by the Privacy Rule, and
ensure compliance by their workforce.
Required safeguards include application of appropriate policies and procedures, safeguarding
physical access to ePHI, and ensuring that technical security measures are in place to protect
networks, computers and other electronic devices.
Companies with More than 10 Employees
The United States Department of Labor has adopted numerous rules and regulations in regard to
workplace safety as part of the Occupational Safety and Health Act. For example, 29 USC 654
specifically requires:
(a) Each employer:
(1) shall furnish to each of his employees employment and a place of employment which are free
from recognized hazards that are causing or are likely to cause death or serious physical harm to
his employees;
(2) shall comply with occupational safety and health standards promulgated under this Act.
(b) Each employee shall comply with occupational safety and health standards and all rules,
regulations, and orders issued pursuant to this Act which are applicable to his own actions and
conduct.
Other Considerations or Expensive Research Questions for Lawyers (Sorry, Eddie!)
The Foreign Corrupt Practices Act of 1977
Internal Revenue Service (IRS) Law for Protecting Taxpayer Information
Food and Drug Administration (FDA) Mandated Requirements
Homeland Security and Terrorist Prevention
Pandemic (Bird Flu) Prevention
ISO 9000 Certification
Requirements for Radio and TV Broadcasters
Contract Obligations to Customers
Document Protection and Retention Laws
Personal Identity Theft...and MORE!
Suffice it to say you will need to check with your legal department for specific requirements in your
business and industry!
I would like to thank my good friend, Eddie M. Pope, for his insightful contributions to this article,
our upcoming book, and my ever-growing pool of lawyer jokes. If you want more information on
the legal aspects of recovery planning, Eddie can be contacted at my company or via email at
mempope@tellawcomlabs.com. (Eddie cannot, of course, give you legal advice, but he can
point you in the right direction.)
I hope this article helps you better understand the complex realities of the legal reasons why we
A. It utilizes public key cryptography. B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text. C. It depends upon symmetric ciphers. D. It is a second party authentication system.
Answer: C
Explanation:
Kerberos depends on secret keys (symmetric ciphers). Kerberos is a third party authentication
protocol. It was designed and developed in the mid 1980's by MIT. It is considered open source
but is copyrighted and owned by MIT. It relies on the user's secret keys. The password is used to
encrypt and decrypt the keys.
The following answers are incorrect:
It utilizes public key cryptography. Is incorrect because Kerberos depends on secret keys
(symmetric ciphers).
It encrypts data after a ticket is granted, but passwords are exchanged in plain text. Is incorrect
because the passwords are not exchanged but used for encryption and decryption of the keys.
It is a second party authentication system. Is incorrect because Kerberos is a third party
authentication system, you authenticate to the third party (Kerberos) and not the system you are
A. Accidental B. Caused by internal hackers C. Caused by external hackers D. Related to Internet
Answer: A
Explanation:
The most likely source of exposure is from the uninformed, accidental or unknowing person,
although the greatest impact may be from those with malicious or fraudulent intent.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor
2002 review manual, Chapter 4: Protection of Information Assets (page 192).
Question # 182
Which of the following services is a distributed database that translates host names to IP addresses and IP addresses to host names?
A. DNS B. FTP C. SSH D. SMTP
Answer: A
Explanation:
The Domain Name System (DNS) is a hierarchical distributed naming system for computers,
services, or any resource connected to the Internet or a private network. It associates information
from domain names with each of the assigned entities. Most prominently, it translates easily
memorized domain names to the numerical IP addresses needed for locating computer services
and devices worldwide. The Domain Name System is an essential component of the functionality
of the Internet.
For your exam you should know the following general Internet terminology:
Network access point - Internet service providers access the Internet using a network access point. A
Network Access Point (NAP) was a public network exchange facility where Internet service
providers (ISPs) connected with one another in peering arrangements. The NAPs were a key
component in the transition from the 1990s NSFNET era (when many networks were government
sponsored and commercial traffic was prohibited) to the commercial Internet providers of today.
They were often points of considerable Internet congestion.
Internet Service Provider (ISP) - An Internet service provider (ISP) is an organization that provides
services for accessing, using, or participating in the Internet. Internet service providers may be
organized in various forms, such as commercial, community-owned, non-profit, or otherwise
privately owned. Internet services typically provided by ISPs include Internet access, Internet
transit, domain name registration, web hosting, co-location.
Telnet or Remote Terminal Control Protocol - A terminal emulation program for TCP/IP networks
such as the Internet. The Telnet program runs on your computer and connects your PC to a server
on the network. You can then enter commands through the Telnet program and they will be
executed as if you were entering them directly on the server console. This enables you to control
the server and communicate with other servers on the network. To start a Telnet session, you
must log in to a server by entering a valid username and password. Telnet is a common way to
remotely control Web servers.
Internet Link - An Internet link is a connection between Internet users and the Internet service provider.
Secure Shell or Secure Socket Shell (SSH) - Secure Shell (SSH), sometimes known as Secure
Socket Shell, is a UNIX-based command interface and protocol for securely getting access to a
remote computer. It is widely used by network administrators to control Web and other kinds of
servers remotely. SSH is actually a suite of three utilities - slogin, ssh, and scp - that are secure
versions of the earlier UNIX utilities, rlogin, rsh, and rcp. SSH commands are encrypted and
secure in several ways. Both ends of the client/server connection are authenticated using a digital
certificate, and passwords are protected by being encrypted.
Domain Name System (DNS) - The Domain Name System (DNS) is a hierarchical distributed
naming system for computers, services, or any resource connected to the Internet or a private
network. It associates information from domain names with each of the assigned entities. Most
prominently, it translates easily memorized domain names to the numerical IP addresses needed
for locating computer services and devices worldwide. The Domain Name System is an essential
component of the functionality of the Internet.
File Transfer Protocol (FTP) - The File Transfer Protocol or FTP is a client/server application that
is used to move files from one system to another. The client connects to the FTP server,
authenticates and is given access that the server is configured to permit. FTP servers can also be
configured to allow anonymous access by logging in with an email address but no password. Once
connected, the client may move around between directories with commands available
Simple Mail Transport Protocol (SMTP) - SMTP (Simple Mail Transfer Protocol) is a TCP/IP
protocol used in sending and receiving e-mail. However, since it is limited in its ability to queue
messages at the receiving end, it is usually used with one of two other protocols, POP3 or IMAP,
that let the user save messages in a server mailbox and download them periodically from the
server. In other words, users typically use a program that uses SMTP for sending e-mail and either
POP3 or IMAP for receiving e-mail. On Unix-based systems, sendmail is the most widely-used
SMTP server for e-mail. A commercial package, Sendmail, includes a POP3 server. Microsoft
Exchange includes an SMTP server and can also be set up to include POP3 support.
The following answers are incorrect:
SMTP - Simple Mail Transport Protocol (SMTP) - SMTP (Simple Mail Transfer Protocol) is a
TCP/IP protocol used in sending and receiving e-mail. However, since it is limited in its ability to
queue messages at the receiving end, it is usually used with one of two other protocols, POP3 or
IMAP, that let the user save messages in a server mailbox and download them periodically from
the server. In other words, users typically use a program that uses SMTP for sending e-mail and
either POP3 or IMAP for receiving e-mail. On Unix-based systems, sendmail is the most widely-used SMTP server for e-mail. A commercial package, Sendmail, includes a POP3 server.
Microsoft Exchange includes an SMTP server and can also be set up to include POP3 support.
FTP - The File Transfer Protocol or FTP is a client/server application that is used to move files
from one system to another. The client connects to the FTP server, authenticates and is given
access that the server is configured to permit. FTP servers can also be configured to allow
anonymous access by logging in with an email address but no password. Once connected, the
client may move around between directories with commands available
SSH - Secure Shell (SSH), sometimes known as Secure Socket Shell, is a UNIX-based command
interface and protocol for securely getting access to a remote computer. It is widely used by
network administrators to control Web and other kinds of servers remotely. SSH is actually a suite
of three utilities - slogin, ssh, and scp - that are secure versions of the earlier UNIX utilities, rlogin,
rsh, and rcp. SSH commands are encrypted and secure in several ways. Both ends of the
client/server connection are authenticated using a digital certificate, and passwords are protected
by being encrypted.
The following reference(s) were/was used to create this question:
CISA review manual 2014 page number 273 and 274
Question # 183
What can be defined as an event that could cause harm to the information systems?
A. A risk B. A threat C. A vulnerability D. A weakness
Answer: B
Explanation:
A threat is an event or activity that has the potential to cause harm to the information systems. A
risk is the probability that a threat will materialize. A vulnerability, or weakness, is a lack of a
safeguard, which may be exploited by a threat, causing harm to the information systems.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 1: Access Control Systems
(page 32).
Question # 184
When should a post-mortem review meeting be held after an intrusion has been properly taken care of?
A. Within the first three months after the investigation of the intrusion is completed. B. Within the first week after prosecution of intruders have taken place, whether successful or not. C. Within the first month after the investigation of the intrusion is completed. D. Within the first week of completing the investigation of the intrusion.
Answer: D
Explanation:
A post-mortem review meeting should be held with all involved parties within three to five working
days of completing the investigation of the intrusion. Otherwise, participants are likely to forget
critical information. Even if it enabled an organization to validate the correctness of its chain of
custody of evidence, it would not make sense to wait until prosecution is complete because it
would take too much time and many cases of intrusion never get to court anyway.
Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Chapter 7: Responding to Intrusions (page 297).
Question # 185
When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence:
A. Evidence has to be collected in accordance with all laws and all legal regulations. B. Law enforcement officials should be contacted for advice on how and when to collect critical information. C. Verifiable documentation indicating the who, what, when, where, and how the evidence was handled should be available. D. Log files containing information regarding an intrusion are retained for at least as long as normal business records, and longer in the case of an ongoing investigation.
Answer: C
Explanation:
Two concepts that are at the heart of dealing effectively with digital/electronic evidence, or any
evidence for that matter, are the chain of custody and authenticity/integrity.
The chain of custody refers to the who, what, when, where, and how the evidence was
handled—from its identification through its entire life cycle, which ends with destruction or
permanent archiving.
Any break in this chain can cast doubt on the integrity of the evidence and on the professionalism
of those directly involved in either the investigation or the collection and handling of the evidence.
The chain of custody requires following a formal process that is well documented and forms part of
a standard operating procedure that is used in all cases, no exceptions.
The following are incorrect answers:
Evidence has to be collected in accordance with all laws and legal regulations. Evidence would
have to be collected in accordance with applicable laws and regulations but not necessarily with
ALL laws and regulations. Only laws and regulations that apply would be followed.
Law enforcement officials should be contacted for advice on how and when to collect critical
information. It seems you failed to do your homework, once you have an incident it is a bit late to
do this. Proper crime investigation as well as incident response is all about being prepared ahead
of time. Obviously, you are improvising if you need to call law enforcement to find out what to do. It
is a great way of contaminating your evidence by mistake if you don't have a well documented
process with clear procedures that need to be followed.
Log files containing information regarding an intrusion are retained for at least as long as normal
business records, and longer in the case of an ongoing investigation. Specific legal requirements
exist for log retention and they are not the same as normal business records. Laws such as
Basel, HIPAA, SOX, and others have specific requirements.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition
ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley,
2001, Chapter 7: Responding to Intrusions (pages 282-285).
Question # 186
While using IPsec, the ESP and AH protocols both provide integrity services. However, when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service. Which of the items below would affect the use of AH and its Integrity Check Value (ICV) the most?
A. Key session exchange B. Packet Header Source or Destination address C. VPN cryptographic key size D. Cryptographic algorithm used
Answer: B
Explanation:
It may seem odd to have two different protocols that provide overlapping functionality.
AH provides authentication and integrity, and ESP can provide those two functions and
confidentiality.
Why even bother with AH then?
In most cases, the reason has to do with whether the environment is using network address
translation (NAT). IPSec will generate an integrity check value (ICV), which is really the same
thing as a MAC value, over a portion of the packet. Remember that the sender and receiver
generate their own values. In IPSec, it is called an ICV value. The receiver compares her ICV
value with the one sent by the sender. If the values match, the receiver can be assured the packet
has not been modified during transmission. If the values are different, the packet has been altered
and the receiver discards the packet.
The AH protocol calculates this ICV over the data payload, transport, and network headers. If the
packet then goes through a NAT device, the NAT device changes the IP address of the packet.
That is its job. This means a portion of the data (network header) that was included to calculate
the ICV value has now changed, and the receiver will generate an ICV value that is different from
the one sent with the packet, which means the packet will be discarded automatically.
The ESP protocol follows similar steps, except it does not include the network header portion
when calculating its ICV value. When the NAT device changes the IP address, it will not affect the
receiver’s ICV value because it does not include the network header when calculating the ICV.
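The AH and ESP behaviour described above can be reproduced with a simplified model. This is an added example, not part of the original explanation: the key, addresses, SPI and function names are constructed for illustration, HMAC-SHA-256 truncated to 128 bits stands in for whatever integrity algorithm the peers negotiate, and the payload bytes stand in for data that ESP would normally also encrypt.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-integrity-key"  # constructed sample key, not a real SA key
PROTO_ESP, PROTO_AH = 50, 51             # IP protocol numbers for ESP and AH


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a 20-byte IPv4 header (checksum left at 0 for this model)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def zero_mutable_fields(hdr):
    """AH zeroes fields that routers legitimately change in transit."""
    b = bytearray(hdr)
    b[1] = 0                  # DSCP/ECN
    b[6:8] = b"\x00\x00"      # flags and fragment offset
    b[8] = 0                  # TTL
    b[10:12] = b"\x00\x00"    # header checksum
    return bytes(b)           # source and destination addresses stay covered


def _icv(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]


def ah_icv(ip_hdr, spi, seq, payload):
    """AH: ICV covers the immutable IP header fields, AH fields and payload."""
    return _icv(zero_mutable_fields(ip_hdr) + struct.pack("!II", spi, seq) + payload)


def esp_icv(spi, seq, payload):
    """ESP: ICV covers the ESP header and payload, not the outer IP header."""
    return _icv(struct.pack("!II", spi, seq) + payload)


def route_hop(ip_hdr):
    """An ordinary router decrements the TTL (a mutable field)."""
    b = bytearray(ip_hdr)
    b[8] -= 1
    return bytes(b)


def nat_rewrite_source(ip_hdr, new_src):
    """A NAT device replaces the source address (an immutable field for AH)."""
    b = bytearray(ip_hdr)
    b[12:16] = socket.inet_aton(new_src)
    return bytes(b)


def run_demo():
    spi, seq = 0x1001, 1
    payload = b"constructed application data"

    # Sender computes both ICVs before the packet leaves the private network.
    ah_hdr = ipv4_header("10.0.0.5", "198.51.100.20", PROTO_AH, len(payload))
    sent_ah = ah_icv(ah_hdr, spi, seq, payload)
    sent_esp = esp_icv(spi, seq, payload)

    # Receiver recomputes the ICV over what actually arrived and compares.
    hopped = route_hop(ah_hdr)
    natted = nat_rewrite_source(hopped, "203.0.113.7")
    tampered = payload.replace(b"data", b"DATA")
    return {
        "ah_after_ttl_hop": hmac.compare_digest(sent_ah, ah_icv(hopped, spi, seq, payload)),
        "ah_after_nat": hmac.compare_digest(sent_ah, ah_icv(natted, spi, seq, payload)),
        "esp_after_nat": hmac.compare_digest(sent_esp, esp_icv(spi, seq, payload)),
        "esp_after_tamper": hmac.compare_digest(sent_esp, esp_icv(spi, seq, tampered)),
    }


if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(f"{check}: {'ICV matches' if ok else 'ICV mismatch, packet discarded'}")
```

A TTL decrement does not break AH because TTL is excluded from the ICV, while the NAT address rewrite does; ESP survives NAT but still detects a modified payload.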
Here is a tutorial on IPSEC from the Shon Harris Blog:
The Internet Protocol Security (IPSec) protocol suite provides a method of setting up a secure
channel for protected data exchange between two devices. The devices that share this secure
channel can be two servers, two routers, a workstation and a server, or two gateways between
different networks. IPSec is a widely accepted standard for providing network layer protection. It
can be more flexible and less expensive than end-to-end and link encryption methods.
IPSec has strong encryption and authentication methods, and although it can be used to enable
tunneled communication between two computers, it is usually employed to establish virtual private
networks (VPNs) among networks across the Internet.
IPSec is not a strict protocol that dictates the type of algorithm, keys, and authentication method to
use. Rather, it is an open, modular framework that provides a lot of flexibility for companies when
they choose to use this type of technology. IPSec uses two basic security protocols:
Authentication Header (AH) and Encapsulating Security Payload (ESP). AH is the authenticating
protocol, and ESP is an authenticating and encrypting protocol that uses cryptographic
mechanisms to provide source authentication, confidentiality, and message integrity.
IPSec can work in one of two modes: transport mode, in which the payload of the message is
protected, and tunnel mode, in which the payload and the routing and header information are
protected. ESP in transport mode encrypts the actual message information so it cannot be sniffed
and uncovered by an unauthorized entity. Tunnel mode provides a higher level of protection by
also protecting the header and trailer data an attacker may find useful. Figure 8-26 shows the
high-level view of the steps of setting up an IPSec connection.
Each device will have at least one security association (SA) for each VPN it uses. The SA, which
is critical to the IPSec architecture, is a record of the configurations the device needs to support an
IPSec connection. When two devices complete their handshaking process, which means they
have agreed upon a long list of parameters they will use to communicate, these data must be
recorded and stored somewhere, which is in the SA.
The SA can contain the authentication and encryption keys, the agreed-upon algorithms, the key
lifetime, and the source IP address. When a device receives a packet via the IPSec protocol, it is
the SA that tells the device what to do with the packet. So if device B receives a packet from
device C via IPSec, device B will look to the corresponding SA to tell it how to decrypt the packet,
how to properly authenticate the source of the packet, which key to use, and how to reply to the
message if necessary.
SAs are directional, so a device will have one SA for outbound traffic and a different SA for
inbound traffic for each individual communication channel. If a device is connecting to three
devices, it will have at least six SAs, one for each inbound and outbound connection per remote
device. So how can a device keep all of these SAs organized and ensure that the right SA is
invoked for the right connection? With the mighty security parameter index (SPI), that’s how. Each
device has an SPI that keeps track of the different SAs and tells the device which one is
appropriate to invoke for the different packets it receives. The SPI value is in the header of an
IPSec packet, and the device reads this value to tell it which SA to consult.
IPSec can authenticate the sending devices of the packet by using MAC (covered in the earlier
section, “The One-Way Hash”). The ESP protocol can provide authentication, integrity, and
confidentiality if the devices are configured for this type of functionality.
So if a company just needs to make sure it knows the source of the sender and must be assured
of the integrity of the packets, it would choose to use AH. If the company would like to use these
services and also have confidentiality, it would use the ESP protocol because it provides
encryption functionality. In most cases, the reason ESP is employed is because the company must
set up a secure VPN connection.
It may seem odd to have two different protocols that provide overlapping functionality. AH provides
authentication and integrity, and ESP can provide those two functions and confidentiality. Why
even bother with AH then? In most cases, the reason has to do with whether the environment is
using network address translation (NAT). IPSec will generate an integrity check value (ICV), which
is really the same thing as a MAC value, over a portion of the packet. Remember that the sender
and receiver generate their own values. In IPSec, it is called an ICV value. The receiver compares
her ICV value with the one sent by the sender. If the values match, the receiver can be assured
the packet has not been modified during transmission. If the values are different, the packet has
been altered and the receiver discards the packet.
The AH protocol calculates this ICV over the data payload, transport, and network headers. If the
packet then goes through a NAT device, the NAT device changes the IP address of the packet.
That is its job. This means a portion of the data (network header) that was included to calculate
the ICV value has now changed, and the receiver will generate an ICV value that is different from
the one sent with the packet, which means the packet will be discarded automatically.
The ESP protocol follows similar steps, except it does not include the network header portion
when calculating its ICV value. When the NAT device changes the IP address, it will not affect the
receiver’s ICV value because it does not include the network header when calculating the ICV.
Because IPSec is a framework, it does not dictate which hashing and encryption algorithms are to
be used or how keys are to be exchanged between devices. Key management can be handled
manually or automated by a key management protocol. The de facto standard for IPSec is to use
Internet Key Exchange (IKE), which is a combination of the ISAKMP and OAKLEY protocols. The
Internet Security Association and Key Management Protocol (ISAKMP) is a key exchange
architecture that is independent of the type of keying mechanisms used. Basically, ISAKMP
provides the framework of what can be negotiated to set up an IPSec connection (algorithms,
protocols, modes, keys). The OAKLEY protocol is the one that carries out the negotiation process.
You can think of ISAKMP as providing the playing field (the infrastructure) and OAKLEY as the
guy running up and down the playing field (carrying out the steps of the negotiation).
IPSec is very complex with all of its components and possible configurations. This complexity is
what provides for a great degree of flexibility, because a company has many different configuration
choices to achieve just the right level of protection. If this is all new to you and still confusing,
please review one or more of the following references to help fill in the gray areas.
The following answers are incorrect:
The other options are distractors.
The following reference(s) were/was used to create this question:
In order to be able to successfully prosecute an intruder:
A. A point of contact should be designated to be responsible for communicating with law enforcement and other external agencies. B. A proper chain of custody of evidence has to be preserved. C. Collection of evidence has to be done following predefined procedures. D. Whenever possible, analyze a replica of the compromised resource, not the original, thereby avoiding inadvertently tampering with evidence.
Answer: B
Explanation:
If you intend on prosecuting an intruder, evidence has to be collected in a lawful manner and, most
importantly, protected through a secure chain-of-custody procedure that tracks who has been
involved in handling the evidence and where it has been stored. All other choices are important
points, but not the best answer, since no prosecution is possible without a proper, provable chain
of custody of evidence.
Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Chapter 7: Responding to Intrusions (pages 282-285).
Question # 188
When first analyzing an intrusion that has just been detected and confirming that it is a true positive, which of the following actions should be done as a first step if you wish to prosecute the attacker in court?
A. Back up the compromised systems. B. Identify the attacks used to gain access. C. Capture and record system information. D. Isolate the compromised systems.
Answer: C
Explanation:
When an intrusion has been detected and confirmed, if you wish to prosecute the attacker in court,
the following actions should be performed in the following order:
Capture and record system information and evidence that may be lost, modified, or not captured
during the execution of a backup procedure. Start with the most volatile memory areas first.
Make at least two full backups of the compromised systems, using hardware-write-protectable or
write-once media. A first backup may be used to re-install the compromised system for further
analysis and the second one should be preserved in a secure location to preserve the chain of
custody of evidence.
Isolate the compromised systems.
Search for signs of intrusions on other systems.
Examine logs in order to gather more information and better identify other systems to which the
intruder might have gained access.
Search through logs of compromised systems for information that would reveal the kind of attacks
used to gain access.
Identify what the intruder did, for example by analyzing various log files, comparing checksums of
known, trusted files to those on the compromised machine and by using other intrusion analysis
tools.
Regardless of the exact steps being followed, if you wish to prosecute in a court of law it means
you MUST capture the evidence as a first step before it could be lost or contaminated. You always
start with the most volatile evidence first.
NOTE:
I have received feedback saying that some other steps may be done such as Disconnecting the
system from the network or shutting down the system. This is true. However, those are not
choices listed within the 4 choices attached to this question, you MUST avoid changing the
question. You must stick to the four choices presented and pick which one is the best out of the
four presented.
In real life, forensics is not always black or white. There are many shades of grey. In real life you
would have to consult your system policy (if you have one), get your Computer Incident team
involved, and talk to your forensic expert and then decide what is the best course of action.
ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley,
2001, Chapter 7: Responding to Intrusions (pages 273-277).
Question # 189
At which layer of ISO/OSI does the fiber optics work?
A. Network layer B. Transport layer C. Data link layer D. Physical layer
Answer: D
Explanation:
The answer is the Physical layer. The Physical layer is responsible for the transmission of the data
through the physical medium. This includes such things as cables. Fiber optics is a cabling
mechanism which works at the Physical layer of the OSI model.
All of the other answers are incorrect.
The following reference(s) were/was used to create this question:
Shon Harris all in one - Chapter 7 (Cabling)
Question # 190
When a possible intrusion into your organization's information system has been detected, which of the following actions should be performed first?
A. Eliminate all means of intruder access. B. Contain the intrusion. C. Determine to what extent systems and data are compromised. D. Communicate with relevant parties.
Answer: C
Explanation:
Once an intrusion into your organization's information system has been detected, the first action
that needs to be performed is determining to what extent systems and data are compromised (if
they really are), and then take action.
This is the good old saying: "Do not cry wolf until you know there is a wolf for sure." Sometimes it
smells like a wolf, it looks like a wolf, but it may not be a wolf. Technical problems or bad hardware
might cause problems that look like an intrusion even though it might not be. You must make sure
that a crime has in fact been committed before implementing your reaction plan.
Information, as collected and interpreted through analysis, is key to your decisions and actions
while executing response procedures. This first analysis will provide information such as what
attacks were used, what systems and data were accessed by the intruder, what the intruder did
after obtaining access and what the intruder is currently doing (if the intrusion has not been
contained).
The next step is to communicate with relevant parties who need to be made aware of the intrusion
in a timely manner so they can fulfil their responsibilities.
Step three is concerned with collecting and protecting all information about the compromised
systems and causes of the intrusion. It must be carefully collected, labelled, catalogued, and
securely stored.
Containing the intrusion, where tactical actions are performed to stop the intruder's access, limit
the extent of the intrusion, and prevent the intruder from causing further damage, comes next.
Since it is more a long-term goal, eliminating all means of intruder access can only be achieved
last, by implementing an ongoing security improvement process.
Reference used for this question:
ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley,
2001, Chapter 7: Responding to Intrusions (pages 271-289).
Question # 191
Which of the following media is MOST resistant to EMI interference?
A. microwave B. fiber optic C. twisted pair D. coaxial cable
Answer: B
Explanation:
A fiber optic cable is a physical medium that is capable of conducting modulated light transmission.
Fiber optic cable carries signals as light waves, thus creating higher transmission speeds and
greater distances due to less attenuation. This type of cabling is more difficult to tap than other
cabling and is most resistant to interference, especially EMI.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and
Network Security (page 103).
Question # 192
Which of the following questions is less likely to help in assessing an organization's contingency planning controls?
A. Is damaged media stored and/or destroyed? B. Are the backup storage site and alternate site geographically far enough from the primary site? C. Is there an up-to-date copy of the plan stored securely off-site? D. Is the location of stored backups identified?
Answer: A
Explanation:
Contingency planning involves more than planning for a move offsite after a disaster destroys a
facility.
It also addresses how to keep an organization's critical functions operating in the event of
disruptions, large and small.
Handling of damaged media is an operational task related to regular production and is not specific
to contingency planning.
Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide
for Information Technology Systems, November 2001 (Pages A-27 to A-28).
Question # 193
What is a packet sniffer?
A. It tracks network connections to off-site locations. B. It monitors network traffic for illegal packets. C. It scans network segments for cabling faults. D. It captures network traffic for later analysis.
Answer: D
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 194
Which of the following is an advantage of a qualitative over a quantitative risk analysis?
A. It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities. B. It provides specific quantifiable measurements of the magnitude of the impacts. C. It makes a cost-benefit analysis of recommended controls easier. D. It can easily be automated.
Answer: A
Explanation:
The main advantage of the qualitative impact analysis is that it prioritizes the risks and identifies
areas for immediate improvement in addressing the vulnerabilities. It does not provide specific
quantifiable measurements of the magnitude of the impacts, therefore making a cost-analysis of
any recommended controls difficult. Since it involves a consensus of experts and some guesswork
based on the experience of Subject Matter Experts (SMEs), it cannot be easily automated.
Reference used for this question:
STONEBURNER, Gary et al., NIST Special publication 800-30, Risk management Guide for
Information Technology Systems, 2001 (page 23).
Question # 195
Which type of attack would a competitive intelligence attack best be classified as?
A. Business attack B. Intelligence attack C. Financial attack D. Grudge attack
Answer: A
Explanation:
Business attacks concern information loss through competitive intelligence gathering and
computer-related attacks. These attacks can be very costly due to the loss of trade secrets and
reputation.
Intelligence attacks are aimed at sensitive military and law enforcement files containing military
data and investigation reports.
Financial attacks are concerned with frauds to banks and large corporations.
Grudge attacks are targeted at individuals and companies who have done something that the
attacker doesn't like.
The CISSP for Dummies book has nice coverage of the different types of attacks; here is an
extract:
Terrorism Attacks
Terrorism exists at many levels on the Internet. In April 2001, during a period of tense relations
between China and the U.S. (resulting from the crash landing of a U.S. Navy reconnaissance
plane on Hainan Island), Chinese hackers (cyberterrorists) launched a major effort to disrupt
critical U.S. infrastructure, which included U.S. government and military systems.
Following the terrorist attacks against the U.S. on September 11, 2001, the general public became
painfully aware of the extent of terrorism on the Internet. Terrorist organizations and cells are
using online capabilities to coordinate attacks, transfer funds, harm international commerce,
disrupt critical systems, disseminate propaganda, and gain useful information about developing
techniques and instruments of terror, including nuclear, biological, and chemical weapons.
Military and intelligence attacks
Military and intelligence attacks are perpetrated by criminals, traitors, or foreign intelligence agents
seeking classified law enforcement or military information. Such attacks may also be carried out by
governments during times of war and conflict.
Financial attacks
Banks, large corporations, and e-commerce sites are the targets of financial attacks, all of which
are motivated by greed. Financial attacks may seek to steal or embezzle funds, gain access to
online financial information, extort individuals or businesses, or obtain the personal credit card
numbers of customers.
Business attacks
Businesses are becoming the targets of more and more computer and Internet attacks. These
attacks include competitive intelligence gathering, denial of service, and other computer-related
attacks. Businesses are often targeted for several reasons including:
Lack of expertise: Despite heightened security awareness, a shortage of qualified security
professionals still exists, particularly in private enterprise.
Lack of resources: Businesses often lack the resources to prevent, or even detect, attacks against
their systems.
Lack of reporting or prosecution: Because of public relations concerns and the inability to
prosecute computer criminals due to either a lack of evidence or a lack of properly handled
evidence, the majority of business attacks still go unreported.
The cost to businesses can be significant, including loss of trade secrets or proprietary
information, loss of revenue, and loss of reputation.
Grudge attacks
Grudge attacks are targeted at individuals or businesses and are motivated by a desire to take
revenge against a person or organization. A disgruntled employee, for example, may steal trade
secrets, delete valuable data, or plant a logic bomb in a critical system or application.
Fortunately, these attacks (at least in the case of a disgruntled employee) can be easier to prevent
or prosecute than many other types of attacks because:
The attacker is often known to the victim.
The attack has a visible impact that produces a viable evidence trail.
Most businesses (already sensitive to the possibility of wrongful termination suits) have well-established termination procedures.
“Fun” attacks
“Fun” attacks are perpetrated by thrill seekers and script kiddies who are motivated by curiosity or
excitement. Although these attackers may not intend to do any harm or use any of the information
that they access, they’re still dangerous and their activities are still illegal.
These attacks can also be relatively easy to detect and prosecute. Because the perpetrators are
often script kiddies or otherwise inexperienced hackers, they may not know how to cover their
tracks effectively.
Also, because no real harm is normally done nor intended against the system, it may be tempting
(although ill advised) for a business to prosecute the individual and put a positive public relations
spin on the incident. You’ve seen the film at 11: “We quickly detected the attack, prevented any
harm to our network, and prosecuted the responsible individual; our security is unbreakable!”
Such action, however, will likely motivate others to launch a more serious and concerted grudge
attack against the business.
Many computer criminals in this category only seek notoriety. Although it’s one thing to brag to a
small circle of friends about defacing a public Web site, the wily hacker who appears on CNN
reaches the next level of hacker celebrity-dom. These twisted individuals want to be caught to
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 197
Why would a memory dump be admissible as evidence in court?
A. Because it is used to demonstrate the truth of the contents. B. Because it is used to identify the state of the system. C. Because the state of the memory cannot be used as evidence. D. Because of the exclusionary rule.
Answer: B
Explanation:
A memory dump can be admitted as evidence if it acts merely as a statement of fact. A system
dump is not considered hearsay because it is used to identify the state of the system, not the truth
of the contents. The exclusionary rule mentions that evidence must be gathered legally or it can't
Why is traffic across a packet switched network difficult to monitor?
A. Packets are link encrypted by the carrier B. Government regulations forbid monitoring C. Packets can take multiple paths when transmitted D. The network factor is too high
Answer: C
Explanation:
With a packet switched network, packets are difficult to monitor because they can be transmitted
using different paths.
A packet-switched network is a digital communications network that groups all transmitted data,
irrespective of content, type, or structure into suitably sized blocks, called packets. The network
over which packets are transmitted is a shared network which routes each packet independently
from all others and allocates transmission resources as needed.
The principal goals of packet switching are to optimize utilization of available link capacity,
minimize response times and increase the robustness of communication. When traversing network
adapters, switches and other network nodes, packets are buffered and queued, resulting in
variable delay and throughput, depending on the traffic load in the network.
Most modern Wide Area Network (WAN) protocols, including TCP/IP, X.25, and Frame Relay, are
based on packet-switching technologies. In contrast, normal telephone service is based on a
circuit-switching technology, in which a dedicated line is allocated for transmission between two
parties. Circuit-switching is ideal when data must be transmitted quickly and must arrive in the
same order in which it's sent. This is the case with most real-time data, such as live audio and
video. Packet switching is more efficient and robust for data that can withstand some delays in
transmission, such as e-mail messages and Web pages.
All of the other answers are wrong.
Reference(s) used for this question:
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Which of the following would best describe secondary evidence?
A. Oral testimony by a non-expert witness B. Oral testimony by an expert witness C. A copy of a piece of evidence D. Evidence that proves a specific act
Answer: C
Explanation:
Secondary evidence is defined as a copy of evidence or oral description of its contents. It is
considered not as reliable as best evidence. Evidence that proves or disproves a specific act
through oral testimony based on information gathered through the witness's five senses is
considered direct evidence. The fact that testimony is given by an expert only affects the witness's
ability to offer an opinion instead of only testifying of the facts.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 9: Law, Investigation, and
Ethics (page 310).
Question # 200
Which of the following would be MOST important to guarantee that the computer evidence will be admissible in court?
A. It must prove a fact that is immaterial to the case. B. Its reliability must be proven. C. The process for producing it must be documented and repeatable. D. The chain of custody of the evidence must show who collected, secured, controlled, handled, transported the evidence, and that it was not tampered with.
Answer: D
Explanation:
It has to be material, relevant and reliable, and the chain of custody must be maintained; it is
unlikely that it will be admissible in court if it has been tampered with.
The following answers are incorrect:
"It must prove a fact that is immaterial to the case" is incorrect because evidence must be relevant.
If it is immaterial then it is not relevant.
"Its reliability must be proven" is incorrect because it is not the best answer. While evidence must
be relevant, if the chain of custody cannot be verified, then the evidence could lose its credibility
because there is no proof that the evidence was not tampered with. So, the correct answer above
is the BEST answer.
"The process for producing it must be documented and repeatable" is incorrect because just
because the process is documented and repeatable does not mean that it will be the same. This
amounts to Corroborative Evidence that may help to support a case.
Question # 201
Another name for a VPN is a:
A. tunnel B. one-time password C. pipeline D. bypass
Answer: A
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation
Question # 202
Computer-generated evidence is considered:
A. Best evidence B. Second hand evidence C. Demonstrative evidence D. Direct evidence
Answer: B
Explanation:
Computer-generated evidence normally falls under the category of hearsay evidence, or second-hand
evidence, because it cannot be proven accurate and reliable. Under the U.S. Federal Rules
of Evidence, hearsay evidence is generally not admissible in court. Best evidence is original or
primary evidence rather than a copy or duplicate of the evidence. It does not apply to computer-generated
evidence. Direct evidence is oral testimony by a witness. Demonstrative evidence is
used to aid the jury (models, illustrations, charts).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 9: Law, Investigation, and
Ethics (page 310).
And: ROTHKE, Ben, CISSP CBK Review presentation on domain 9.
Question # 203
Layer 4 of the OSI stack is known as:
A. the data link layer B. the transport layer C. the network layer D. the presentation layer
Answer: B
Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 204
Within the legal domain what rule is concerned with the legality of how the evidence was gathered?
A. Exclusionary rule B. Best evidence rule C. Hearsay rule D. Investigation rule
Answer: A
Explanation:
The exclusionary rule mentions that evidence must be gathered legally or it can't be used.
The principle based on federal Constitutional Law that evidence illegally seized by law
enforcement officers in violation of a suspect's right to be free from unreasonable searches and
seizures cannot be used against the suspect in a criminal prosecution.
The exclusionary rule is designed to exclude evidence obtained in violation of a criminal
defendant's Fourth Amendment rights. The Fourth Amendment protects against unreasonable
searches and seizures by law enforcement personnel. If the search of a criminal suspect is
unreasonable, the evidence obtained in the search will be excluded from trial.
The exclusionary rule is a court-made rule. This means that it was created not in statutes passed
by legislative bodies but rather by the U.S. Supreme Court. The exclusionary rule applies in
federal courts by virtue of the Fourth Amendment. The Court has ruled that it applies in state
courts through the due process clause of the Fourteenth Amendment. (The Bill of Rights—the first
ten amendments—applies to actions by the federal government. The Fourteenth Amendment, the
Court has held, makes most of the protections in the Bill of Rights applicable to actions by the
states.)
The exclusionary rule has been in existence since the early 1900s. Before the rule was fashioned,
any evidence was admissible in a criminal trial if the judge found the evidence to be relevant. The
manner in which the evidence had been seized was not an issue. This began to change in 1914,
when the U.S. Supreme Court devised a way to enforce the Fourth Amendment. In Weeks v.
United States, 232 U.S. 383, 34 S. Ct. 341, 58 L. Ed. 652 (1914), a federal agent had conducted a
warrantless search for evidence of gambling at the home of Fremont Weeks. The evidence seized
in the search was used at trial, and Weeks was convicted. On appeal, the Court held that the
Fourth Amendment barred the use of evidence secured through a warrantless search. Weeks's
conviction was reversed, and thus was born the exclusionary rule.
The best evidence rule concerns limiting potential for alteration. The best evidence rule is a
common law rule of evidence which can be traced back at least as far as the 18th century. In
Omychund v Barker (1745) 1 Atk, 21, 49; 26 ER 15, 33, Lord Hardwicke stated that no evidence
was admissible unless it was "the best that the nature of the case will allow". The general rule is
that secondary evidence, such as a copy or facsimile, will not be admissible if an original
document exists, and is not unavailable due to destruction or other circumstances indicating
unavailability.
The rationale for the best evidence rule can be understood from the context in which it arose: in
the eighteenth century a copy was usually made by hand by a clerk (or even a litigant). The best
evidence rule was predicated on the assumption that, if the original was not produced, there was a
significant chance of error or fraud in relying on such a copy.
The hearsay rule concerns computer-generated evidence, which is considered second-hand
evidence.
Hearsay is information gathered by one person from another concerning some event, condition, or
thing of which the first person had no direct experience. When submitted as evidence, such
statements are called hearsay evidence. As a legal term, "hearsay" can also have the narrower
meaning of the use of such information as evidence to prove the truth of what is asserted. Such
use of "hearsay evidence" in court is generally not allowed. This prohibition is called the hearsay
rule.
For example, a witness says "Susan told me Tom was in town". Since the witness did not see Tom
in town, the statement would be hearsay evidence to the fact that Tom was in town, and not
admissible. However, it would be admissible as evidence that Susan said Tom was in town, and
on the issue of her knowledge of whether he was in town.
Hearsay evidence has many exception rules. For the purpose of the exam you must be familiar
with the business records exception rule to the Hearsay Evidence. The business records created
during the ordinary course of business are considered reliable and can usually be brought in under
this exception if the proper foundation is laid when the records are introduced into evidence.
Depending on which jurisdiction the case is in, either the records custodian or someone with
knowledge of the records must lay a foundation for the records. Logs that are collected as part of a
documented business process carried out at regular intervals would fall under this exception. They
could be presented in court and not be considered hearsay.
Investigation rule is a distractor.
Source: ROTHKE, Ben, CISSP CBK Review presentation on domain 9.
Why does fiber optic communication technology have a significant security advantage over other transmission technology?
A. Higher data rates can be transmitted. B. Interception of data traffic is more difficult. C. Traffic analysis is prevented by multiplexing. D. Single and double-bit errors are correctable.
Answer: B
Explanation:
It would be correct to select the first answer if the word "security" was not in the question.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Question # 206
Failure of a contingency plan is usually:
A. A technical failure. B. A management failure. C. Because of a lack of awareness. D. Because of a lack of training.
Answer: B
Explanation:
Failure of a contingency plan is usually management failure to exhibit ongoing interest and
concern about the BCP/DRP effort, and to provide financial and other resources as needed. Lack
of management support will result in a lack of awareness and training.
Planning (BCP) and Disaster Recovery Planning (DRP) (page 163).
Question # 207
Which of the following packets should NOT be dropped at a firewall protecting an organization's internal network?
A. Inbound packets with Source Routing option set B. Router information exchange protocols C. Inbound packets with an internal address as the source IP address D. Outbound packets with an external destination IP address
Answer: D
Explanation:
Normal outbound traffic has an internal source IP address and an external destination IP address.
Traffic with an internal source IP address should only come from an internal interface. Such
packets coming from an external interface should be dropped.
Packets with the source-routing option enabled usually indicate a network intrusion attempt.
Router information exchange protocols like RIP and OSPF should be dropped to avoid having
internal routing equipment being reconfigured by external agents.
Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 10:
The Perfect Firewall.
Question # 208
The MOST common threat that impacts a business's ability to function normally is:
A. Power Outage B. Water Damage C. Severe Weather D. Labor Strike
Answer: A
Explanation:
The MOST common threat that impacts a business's ability to function normally is power. Power
interruptions cause more business interruption than any other type of event.
The second most common threat is water, such as flood, water damage from a broken pipe, a leaky
roof, etc.
Threats will be discovered while doing your Threats and Risk Assessments (TRA).
There are three elements of risks: threats, assets, and mitigating factors (countermeasures,
safeguards, controls).
A threat is an event or situation that, if it occurred, would affect your business and may even prevent
it from functioning normally or, in some cases, functioning at all. Evaluation of threats is done by
looking at Likelihood and Impact of possible threat. Safeguards, countermeasures, and controls
would be used to bring the threat level down to an acceptable level.
Other common events that can impact a company are:
The Official ISC2 Guide to the CISSP CBK, Second Edition, Page 275-276
Question # 209
In the context of network enumeration by an outside attacker and possible Distributed Denial of Service (DDoS) attacks, which of the following firewall rules is not appropriate to protect an organization's internal network?
A. Allow echo reply outbound B. Allow echo request outbound C. Drop echo request inbound D. Allow echo reply inbound
Answer: A
Explanation:
Echo replies outbound should be dropped, not allowed. There is no reason for any Internet users
to send ICMP echo requests to your internal hosts from the Internet. If they wish to find out if a
service is available, they can use a browser to connect to your web server or simply send an email
if they wish to test your mail service.
Echo replies outbound could be used as part of the SMURF amplification attack, where someone
will send ICMP echo requests to gateway broadcast addresses in order to amplify the request by
X number of users sitting behind the gateway.
Allowing inbound echo requests and outbound echo replies also makes it easier for attackers to
learn about the internal network by performing a simple ping sweep. ICMP can also be
used to find out which host has been up and running the longest, which would indicate which
patches are missing on the host if a critical patch required a reboot.
ICMP can also be used for DDoS attacks, so you should strictly limit what type of ICMP traffic would
be allowed to flow through your firewall.
On top of all this, tools such as LOKI could be used as a client-server application to transfer files
back and forth between the Internet and some of your internal hosts. LOKI is a client/server
program published in the online publication Phrack. This program is a working proof-of-concept to
demonstrate that data can be transmitted somewhat secretly across a network by hiding it in traffic
that normally does not contain payloads. The example code can tunnel the equivalent of a Unix
RCMD/RSH session in either ICMP echo request (ping) packets or UDP traffic to the DNS port.
This is used as a back door into a Unix system after root access has been compromised.
Presence of LOKI on a system is evidence that the system has been compromised in the past.
The outbound echo request and inbound echo reply allow internal users to verify connectivity with
external hosts.
The following answers are incorrect:
Allow echo request outbound: The outbound echo request and inbound echo reply allow internal
users to verify connectivity with external hosts.
Drop echo request inbound: There is no need for anyone on the Internet to attempt pinging your
internal hosts.
Allow echo reply inbound: The outbound echo request and inbound echo reply allow internal users
Professional Publications, 2002, Chapter 8, Business Continuity Planning & Disaster Recovery
Planning (page 506).
Question # 211
What can be best defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment?
A. Risk management B. Risk analysis C. Threat analysis D. Due diligence
Answer: C
Explanation:
Threat analysis is the examination of threat sources against system vulnerabilities to determine
the threats for a particular system in a particular operational environment.
The following answers are incorrect:
Risk analysis is the process of identifying the risks to system security and determining the
probability of occurrence, the resulting impact, and the additional safeguards that mitigate this
impact.
Risk analysis is synonymous with risk assessment and part of risk management, which is the
ongoing process of assessing the risk to mission/business as part of a risk-based approach used
to determine adequate security for a system by analyzing the threats and vulnerabilities and
selecting appropriate, cost-effective controls to achieve and maintain an acceptable level of risk.
Due Diligence is identifying possible risks that could affect a company based on best practices and
standards.
Reference(s) used for this question:
STONEBURNER, Gary & al, National Institute of Standards and Technology (NIST), NIST Special
Publication 800-27, Engineering Principles for Information Technology Security (A Baseline for
Achieving Security), June 2001 (page B-3).
Question # 212
Which of the following is the primary security feature of a proxy server?
A. Virus Detection B. URL blocking C. Route blocking D. Content filtering
Answer: D
Explanation:
In many organizations, the HTTP proxy is used as a means to implement content filtering, for
instance, by logging or blocking traffic that has been defined as, or is assumed to be nonbusiness
related for some reason.
Although filtering on a proxy server or firewall as part of a layered defense can be quite effective to
prevent, for instance, virus infections (though it should never be the only protection against
viruses), it will be only moderately effective in preventing access to unauthorized services (such as
certain remote-access services or file sharing), as well as preventing the download of unwanted
content.
HTTP Tunneling
HTTP tunneling is technically a misuse of the protocol on the part of the designer of such tunneling
applications. It has become a popular feature with the rise of the first streaming video and audio
applications and has been implemented into many applications that have a market need to bypass
user policy restrictions.
Usually, HTTP tunneling is applied by encapsulating outgoing traffic from an application in an
HTTP request and incoming traffic in a response. This is usually not done to circumvent security,
but rather, to be compatible with existing firewall rules and allow an application to function through
a firewall without the need to apply special rules, or additional configurations.
The following are incorrect choices:
Virus Detection: A proxy is not best at detecting malware and viruses within content. An antivirus
product would be used for that purpose.
URL blocking: This would be a subset of proxying. Based on the content, some URLs may be
blocked by the proxy, but it is not doing filtering based on URL addresses only. This is not the
BEST answer.
Route blocking: This is a function that would be done by Intrusion Detection and Intrusion
Prevention systems and not the proxy. This could be done by filtering devices such as firewalls and
routers as well. Again, not the best choice.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition
Which of the following best allows risk management results to be used knowledgeably?
A. A vulnerability analysis B. A likelihood assessment C. An uncertainty analysis D. A threat identification
Answer: C
Explanation:
Risk management consists of two primary and one underlying activity; risk assessment and risk
mitigation are the primary activities and uncertainty analysis is the underlying one. After having
performed risk assessment and mitigation, an uncertainty analysis should be performed. Risk
management must often rely on speculation, best guesses, incomplete data, and many unproven
assumptions. A documented uncertainty analysis allows the risk management results to be used
knowledgeably. A vulnerability analysis, likelihood assessment and threat identification are all
parts of the collection and analysis of data part of the risk assessment, one of the primary activities
of risk management.
Source: SWANSON, Marianne & GUTTMAN, Barbara, National Institute of Standards and
Technology (NIST), NIST Special Publication 800-14, Generally Accepted Principles and Practices
for Securing Information Technology Systems, September 1996 (pages 19-21).
Question # 214
Computer security should be first and foremost which of the following:
A. Cover all identified risks B. Be cost-effective. C. Be examined in both monetary and non-monetary terms. D. Be proportionate to the value of IT systems.
Answer: B
Explanation:
Computer security should be first and foremost cost-effective.
As for any organization, there is a need to measure their cost-effectiveness, to justify budget
usage and provide supportive arguments for their next budget claim. But organizations often have
difficulty accurately measuring the effectiveness and the cost of their information security
activities.
The classical financial approach for ROI calculation is not particularly appropriate for measuring
security-related initiatives: Security is not generally an investment that results in a profit. Security
is more about loss prevention. In other terms, when you invest in security, you don’t expect
benefits; you expect to reduce the risks threatening your assets.
The concept of the ROI calculation applies to every investment. Security is no exception.
Executive decision-makers want to know the impact security is having on the bottom line. In order
to know how much they should spend on security, they need to know how much the lack of
security is costing the business and what the most cost-effective solutions are.
Applied to security, a Return On Security Investment (ROSI) calculation can provide quantitative
answers to essential financial questions:
Is an organization paying too much for its security?
What financial impact on productivity could a lack of security have?
When is the security investment enough?
Is this security product/organisation beneficial?
The following are other concerns about computer security but not the first and foremost:
The costs and benefits of security should be carefully examined in both monetary and non-monetary terms to ensure that the cost of controls does not exceed expected benefits.
Security should be appropriate and proportionate to the value of and degree of reliance on the IT
systems and to the severity, probability, and extent of potential harm.
Requirements for security vary, depending upon the particular IT system. Therefore it does not
make sense for computer security to cover all identified risks when the cost of the measures
exceeds the value of the systems they are protecting.
Reference(s) used for this question:
SWANSON, Marianne & GUTTMAN, Barbara, National Institute of Standards and Technology
(NIST), NIST Special Publication 800-14, Generally Accepted Principles and Practices for
Securing Information Technology Systems, September 1996 (page 6).